CN113746811A - Login method, device, equipment and readable storage medium - Google Patents

Publication number
CN113746811A
Authority
CN
China
Prior art keywords
vpn
user
login
service
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110932540.3A
Other languages
Chinese (zh)
Inventor
林俊洪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wangsu Science and Technology Co Ltd
Original Assignee
Wangsu Science and Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wangsu Science and Technology Co Ltd
Priority to CN202110932540.3A
Publication of CN113746811A
Legal status: Pending

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L12/00: Data switching networks
    • H04L12/28: Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46: Interconnection of networks
    • H04L12/4641: Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H04L12/4633: Interconnection of networks using encapsulation techniques, e.g. tunneling

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

After a VPN authentication end determines that a user is a legal user of the VPN service, it sends a trust request carrying the identity of the user to a service server deployed in an intranet. The service server performs validity verification on the user according to the identity and sends a trust response carrying the validity verification result to the VPN authentication end. The VPN authentication end then sends a login response to the terminal equipment of the user according to the trust response, where the login response indicates whether the user has successfully logged in to the service server and the VPN service through the browser. With this scheme, the VPN authentication end and the service server communicate with each other to establish a trust mechanism, so that the user logs in to the service server while logging in to the VPN service end; the login process is simplified, the error rate is reduced, and the user experience is improved.

Description

Login method, device, equipment and readable storage medium
Technical Field
The present application relates to the field of network security technologies, and in particular, to a login method, device, apparatus, and readable storage medium.
Background
With the rapid development of internet technology, enterprises establish an enterprise internal network, and various business systems are deployed by using the enterprise internal network to improve office efficiency. Common business systems include mail systems, office automation systems (OA), and the like.
In general, when a user works in a company, if the user wants to access a certain service system, the user inputs an account number and a password of the service system for verification, and service access can be performed only after the verification is passed. However, sometimes the user goes on business and needs to work at home. In order to facilitate public Network users to access each system in the internal Network of an enterprise and simultaneously ensure access safety, Virtual Private Networks (VPNs) have come into play, and most enterprises can choose to purchase VPN services of Network service providers to realize the access of the public Network users to the internal Network services in consideration of factors such as operation cost, service specialties and the like.
In the application scenario, in order to identify the validity of the user, the network service provider verifies the identity of the user, and the service system in the intranet also needs to verify the validity of the identity of the user. Therefore, if an enterprise user accesses each service system in the intranet through the public network, the enterprise user can access the intranet smoothly only by inputting login information twice, the process is complicated, errors are easy to occur, and the user experience is poor.
Disclosure of Invention
According to the login method, the login device, the login equipment and the readable storage medium, a trust mechanism is established through mutual communication between the VPN authentication end and the service server, so that a user can login the service server while logging in the VPN service end, the login process is simplified, and the error rate is reduced.
In a first aspect, an embodiment of the present application provides a login method, which is applied to a virtual private network VPN authentication end deployed in a public network, where the method includes:
determining that the user is a legal user of the VPN service;
sending a trust request to a service server deployed in an intranet, wherein the trust request carries the identity of the user;
receiving a trust response from the service server, wherein the trust response is generated by the service server according to the validity verification result of the identity;
and sending a login response to the terminal equipment of the user according to the trust response, wherein the login response is used for indicating whether the user successfully logs in the service server and the VPN service through a browser.
In a second aspect, an embodiment of the present application provides a login method, which is applied to a virtual private network VPN server deployed in a public network, where the method includes:
receiving an authentication request sent by a user through a VPN client application on terminal equipment;
verifying the authentication request to obtain a feedback result, and sending the feedback result to a VPN client application of the terminal equipment;
if the feedback result indicates that the VPN client application successfully logs in a service server and the VPN service, a VPN tunnel is established with the VPN client application, so that a service request sent by the user through the VPN client is received through the VPN tunnel, and the service request is sent to the service server.
In a third aspect, an embodiment of the present application provides a login method, which is applied to a service server deployed in an intranet, and includes:
receiving a trust request from a Virtual Private Network (VPN) authentication end deployed in a public network, wherein the trust request carries an identity of a user, and the user is a legal user of VPN service;
carrying out validity verification on the user to obtain a validity verification result, wherein the validity verification result is used for indicating whether the user is a valid user of the service server or not;
and sending a trust response carrying the validity verification result to the VPN authentication end.
In a fourth aspect, an embodiment of the present application provides a login method, which is applied to a terminal device, and includes:
acquiring a data stream for displaying a login page through a browser, wherein the login page is used for logging in a Virtual Private Network (VPN) service and a service server in an intranet;
displaying the login page according to the data stream;
sending a login request carrying login information of a user to a VPN authentication end through the login page;
and receiving a login response from the VPN authentication end, wherein the login response is used for indicating whether the user successfully logs in the service server and the VPN service through a browser.
In a fifth aspect, an embodiment of the present application provides a login apparatus, where the login apparatus is integrated at a VPN authentication end deployed in a public network, and the apparatus includes:
the processing module is used for determining that the user is a legal user of the VPN service;
the sending module is used for sending a trust request to a service server deployed in an intranet, wherein the trust request carries the identity of the user;
the receiving module is used for receiving a trust response from the service server, wherein the trust response is generated by the service server according to the validity verification result of the identity;
the sending module is further configured to send a login response to the terminal device of the user according to the trust response, where the login response is used to indicate whether the user successfully logs in the service server and the VPN service through a browser.
In a sixth aspect, an embodiment of the present application provides a login apparatus, integrated in a virtual private network VPN server deployed in a public network, where the apparatus includes:
the receiving module is used for receiving an authentication request sent by a user through a VPN client application on the terminal equipment;
the processing module is used for verifying the authentication request to obtain a feedback result and sending the feedback result to the VPN client application of the terminal equipment;
if the feedback result indicates that the VPN client application successfully logs in a service server and the VPN service, establishing a VPN tunnel with the VPN client application so as to receive a service request sent by the user through the VPN client through the VPN tunnel;
and the sending module is used for sending the service request to the service server.
In a seventh aspect, an embodiment of the present application provides a login apparatus, which is integrated in a service server deployed in an intranet, where the apparatus includes:
the receiving module is used for receiving a trust request from a Virtual Private Network (VPN) authentication end deployed in a public network, wherein the trust request carries an identity of a user, and the user is a legal user of VPN service;
the processing module is used for carrying out validity verification on the user to obtain a validity verification result, and the validity verification result is used for indicating whether the user is a valid user of the service server or not;
and the sending module is used for sending a trust response carrying the validity verification result to the VPN authentication end.
In an eighth aspect, an embodiment of the present application provides a login apparatus, integrated in a terminal device, where the apparatus includes:
the processing module is used for acquiring, through a browser, a data stream for displaying a login page, wherein the login page is used for logging in a Virtual Private Network (VPN) service and a service server in an intranet;
the display module is used for displaying the login page according to the data stream;
the sending module is used for sending a login request carrying login information of a user to the VPN authentication end through the login page;
and the receiving module is used for receiving a login response from the VPN authentication end, wherein the login response is used for indicating whether the user successfully logs in the service server and the VPN service through a browser.
In a ninth aspect, an embodiment of the present application provides an electronic device, including: a processor, a memory and a computer program stored on the memory and executable on the processor, the processor when executing the computer program causing the electronic device to implement the method as described above in the first aspect or in various possible implementations of the first aspect; or, the processor, when executing the computer program, causes the electronic device to implement the method according to the second aspect or various possible implementations of the second aspect; or, the processor, when executing the computer program, causes the electronic device to implement the method according to the third aspect or various possible implementations of the third aspect; alternatively, the processor, when executing the computer program, causes the electronic device to implement the method according to the fourth aspect or various possible implementations of the fourth aspect.
In a tenth aspect, embodiments of the present application provide a computer-readable storage medium, in which computer instructions are stored, and when executed by a processor, the computer instructions are configured to implement the method according to the first aspect or various possible implementations of the first aspect; or, the computer instructions, when executed by a processor, are for implementing a method as set forth in the second aspect above or in various possible implementations of the second aspect; or, the computer instructions, when executed by a processor, are for implementing a method as set forth in the third aspect or various possible implementations of the third aspect; alternatively, the computer instructions, when executed by a processor, are adapted to implement a method as described in the fourth aspect or various possible implementations of the fourth aspect.
In an eleventh aspect, embodiments of the present application provide a computer program product comprising a computer program, which when executed by a processor, implements the method according to the first aspect or various possible implementations of the first aspect; or the computer program, when executed by a processor, implements the method as described above in the second aspect or in various possible implementations of the second aspect; or, the computer program, when executed by a processor, implements a method as described in the third aspect or various possible implementations of the third aspect; alternatively, the computer program, when executed by a processor, implements the method as described above in the fourth aspect or in various possible implementations of the fourth aspect.
According to the login method, the login device, the login equipment and the readable storage medium, after the VPN authentication end determines that the user is a legal user of the VPN service, it sends a trust request carrying the identity of the user to a service server deployed in an intranet. The service server performs validity verification on the user according to the identity and sends a trust response carrying the validity verification result to the VPN authentication end. The VPN authentication end then sends a login response to the terminal equipment of the user according to the trust response, where the login response indicates whether the user has successfully logged in to the service server and the VPN service through the browser. With this scheme, the VPN authentication end and the service server communicate with each other to establish a trust mechanism, so that the user logs in to the service server while logging in to the VPN service end; the login process is simplified, the error rate is reduced, and the user experience is improved. Moreover, authentication information is input only once in the login process. That authentication information is the user's VPN service login information, such as a login account number and a password, and the authentication information of the service server does not need to be input. The service server is therefore hidden at the back end, which reduces the risk of the service server being attacked and reduces the number of times the user inputs login information.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
FIG. 1A is a schematic diagram of an implementation environment of a login method provided in an embodiment of the present application;
FIG. 1B is a schematic diagram of another implementation environment of the login method provided in the embodiment of the present application;
FIG. 2 is a flowchart of a login method provided in an embodiment of the present application;
FIG. 3 is a schematic diagram of an interface change process of a terminal device in a login method provided in an embodiment of the present application;
FIG. 4 is a schematic diagram illustrating an authentication process of a token in a login method according to an embodiment of the present application;
FIG. 5 is a process diagram of a login method provided by an embodiment of the present application;
FIG. 6 is a schematic diagram of a login device according to an embodiment of the present application;
FIG. 7 is a schematic diagram of a login device according to an embodiment of the present application;
FIG. 8 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
To make the objects, technical solutions and advantages of the present application more clear, embodiments of the present application will be described in further detail below with reference to the accompanying drawings.
At present, before a user logs in to a VPN service through a VPN client, the VPN system performs identity authentication on the user by using its own built-in functional module for user identity authentication. After the identity authentication is passed, the user can use the VPN service. The VPN client application includes an Android client application, an iOS client application, a Windows PC client application and the like.
After a user in a public network logs in a VPN system and accesses a service system in an intranet, the service system also needs to verify the validity of the user identity.
In the process of logging in to the service system, login information is input a first time for the identity authentication of the VPN system and a second time for the identity authentication of the service system. That is, the VPN system and the service system each manage their own account system separately. Take as an example a user in a public network accessing a business system in a company intranet: in the access process, the user first inputs authentication information such as the account number and password of the VPN service to log in to a VPN service end. After the VPN service is successfully logged in, the user enters a homepage listing some of the company's business systems and selects on that homepage the business system to be accessed and logged in to. For example, accessing the OA system may pop up a login page that requires the user to enter authentication information for the OA system.
Obviously, the login mode has the disadvantages of complicated process, easy error, poor user experience and inconvenience for the user to manage login information. Moreover, there may be a risk of attack if the business system is exposed in the public network.
Based on this, the embodiments of the present application provide a login method, device, apparatus, and readable storage medium, which establish a trust mechanism through mutual communication between a VPN authentication end and a service server, so that a user logs in the service server while logging in a VPN server, thereby simplifying a login process, reducing an error rate, and improving user experience.
FIG. 1A is a schematic diagram of an implementation environment of a login method according to an embodiment of the present application. Referring to FIG. 1A, the present embodiment includes: a Virtual Private Network (VPN) authentication end 11 deployed in the public network, a VPN service end 12 deployed in the public network, a service server 13 deployed in the intranet, and a terminal device 14 in the public network. At least one VPN service end 12 is provided, each VPN service end 12 is connected to the VPN authentication end 11 through a network, the VPN authentication end 11 is connected to the service server 13 through a network, and the terminal device 14 is connected to the VPN authentication end 11 and the VPN service end 12 through a network. In a preferred embodiment, the VPN service end 12 communicates with the VPN authentication end 11, the VPN authentication end 11 communicates with the service server 13, and the VPN service end 12 communicates with the service server 13 based on a VPN network, so as to ensure the security of data transmission.
Referring to FIG. 1A, one VPN authentication end 11 may communicate with a plurality of VPN service ends 12. The VPN authentication end 11 is a service application that is deployed by a network provider in a public network and is dedicated to implementing single-sign-on verification of the VPN and the service server. It may be deployed on the same device as one of the VPN service ends 12 or separately from it. In an actual application scenario, the number of VPN service ends 12 may be large.
The VPN service end 12 is configured to provide VPN services to users, where the VPN services may include forwarding user requests to the intranet through a VPN tunnel. Each time a user uses a VPN service, a different VPN service end 12 may provide it.
In an application scenario, the service server 13 is, for example, a server of a Single Sign-On (SSO) system; that is, the VPN customer has already implemented a single sign-on function for its services based on the SSO service. When the service server 13 is a server of the SSO system, after the user inputs a password and successfully logs in to the VPN service and the server of the SSO system at the same time, the user can directly access the service systems that have been connected to the SSO system, such as an Office Automation (OA) system, a mail system, an attendance system, a performance system, and the like, based on the login success status of the SSO system.
In another application scenario, the business server 13 may be one of the servers of an OA system, a mail system, etc. Taking the OA system as an example, after a user inputs a password and simultaneously logs in the VPN service and the OA system, the user can access the other OA system.
In addition, if a VPN customer purchases a VPN service for a plurality of service systems in the intranet and an SSO system has not yet been introduced, then when the mutual trust mechanism is established, the VPN authentication end needs to establish a mutual trust mechanism with each of the plurality of service servers.
The terminal device 14 is, for example, an electronic device such as a mobile phone, a tablet computer, or a personal computer on which an Android operating system, a Microsoft operating system, a Symbian operating system, a Linux operating system, or an Apple iOS operating system is installed. The terminal device 14 has a browser and a VPN client application installed thereon, such as an Android client application, an iOS client application, or a Windows PC client application.
FIG. 1B is a schematic diagram of another implementation environment of the login method according to the embodiment of the present application. Referring to FIG. 1B, the present embodiment includes: a Virtual Private Network (VPN) server 110 deployed in the public network, a service server 13 deployed in the intranet, and a terminal device 14 in the public network. The VPN server 110 integrates the functions of the VPN authentication end 11 and the VPN service end 12 in FIG. 1A; that is, the VPN authentication end 11 and the VPN service end 12 are both deployed on the VPN server 110. The VPN server 110 and the service server 13 are connected through a VPN network, and the terminal device 14 can access the VPN server through the internet. For a detailed description, refer to FIG. 1A, which is not repeated herein.
Unless otherwise specified, the following description will be made in the context of the embodiment shown in fig. 1A.
Fig. 2 is a flowchart of a login method provided in an embodiment of the present application. The embodiment is described from the perspective of interaction between the VPN authentication terminal, the service server, and the terminal device. The embodiment comprises the following steps:
201. The VPN authentication end determines that the user is a legal user of the VPN service.
It is worth to be noted that the login method provided in the embodiment of the present application may be applicable to a scenario in which a user logs in through a VPN client application, specifically, as shown in fig. 3, or may be applicable to a scenario in which a user logs in directly based on a browser, that is, a user may directly access a login page through a browser.
Fig. 3 is a schematic diagram of an interface change process of a terminal device in a login method provided in an embodiment of the present application. Referring to fig. 3, after the user clicks the VPN client application on the desktop of the electronic device, the VPN client application is opened. The user interface of the VPN client application displays two buttons of joint login and common login, the common login mode is a login mode of inputting login information at least twice, and the joint login mode is a login mode provided by the embodiment of the application.
The user clicks the joint login button to select the login mode provided by the embodiment of the application. Thereafter, the VPN client application automatically invokes the browser. The terminal device requests the login page from the VPN authentication end through the browser and displays the login page. It can be understood that in a scenario where a user logs in directly through the browser, the user can directly input the access address of the login page in the browser. The user then inputs login information in the login page by voice, touch or similar means and sends the login information to the VPN authentication end. The login information includes a login account, a password, and the like, and may further include a verification code, an enterprise identifier, and the like. The login account and the password are independently maintained by the VPN authentication end; that is, they are obtained when the user registers with the VPN authentication end in advance and are not related to the login information of the service server.
The VPN authentication end may collect and store the login information (except for the verification code) of a valid user together with related information such as an identity. The identity is information used by an enterprise to identify the user, such as the user's mobile phone number, identity card number, job number, and the like. It may be understood that an enterprise customer who purchases a VPN service synchronizes the identities of valid users (for example, enterprise employees or other personnel who may use the VPN service) to the VPN authentication end in advance, so that when the VPN authentication end receives a user registration request, it can determine whether the user is valid. After receiving the login information, the VPN authentication end can compare the stored information with the login account, password and enterprise identifier submitted by the user during login; if they are consistent, the user is determined to be a legal user of the VPN service.
If the user is a legal user of the VPN service, execute step 202; if the user is not a legal user of the VPN service, a prompt message is popped up to prompt that the user cannot log in through the login mode provided by the embodiment of the application.
It should be noted that, although fig. 3 is described above, two buttons of joint login and normal login are simultaneously displayed on the user interface of the VPN client application. However, the embodiment of the present application is not limited, and in other possible implementations, only the joint login button is displayed on the user interface of the VPN client application, that is, the VPN client application only provides the login method described in the embodiment of the present application. At this time, after the user clicks the VPN client application on the desktop of the electronic device and requests login, the VPN client application invokes the browser to request a login page from the VPN authentication end, and displays the login page. The user does not need to select a joint login mode.
202. The VPN authentication end sends a trust request to the service server.
The trust request carries the identity of the user.
Illustratively, after the VPN authentication end determines that the user is a valid user of the VPN service, it can determine the identity of the user according to the login information submitted by the user and send a trust request carrying that identity to a service server in an intranet, thereby requesting that a mutual trust relationship be established with the service server.
It should be noted that, in order to ensure the security of data transmission, the trust request sent by the VPN authentication end needs to be transmitted based on a VPN network, where the VPN network is deployed between the VPN authentication end and an intranet where the service server is located, and further, the VPN authentication end may encrypt the user identity carried in the trust request based on an encryption manner negotiated with the service server in advance, so as to further prevent the user information from leaking out.
203. The service server performs validity verification on the user to obtain a validity verification result.
The validity verification result is used for indicating whether the user is a valid user of the service server.
In one implementation, since the service server is owned by the enterprise client, the service server can acquire user information of the enterprise client, including identities, access rights and the like, where the form of the user identity acquired by the service server is consistent with that held by the VPN authentication end. After receiving the trust request, the service server judges, according to the user identity carried in the trust request, whether the user has the right to access the service server itself; if so, the service server determines that the user is a legal user of the service server, thereby obtaining a validity verification result.
In another implementation, the VPN authentication end may, in a process of verifying that the user is a valid user, confirm an access right of the user to determine whether the user has a right to access the service server, and if so, send the user identity to the service server, and after determining that the received user identity is from the valid VPN authentication end, the service server may directly trust a verification result of the VPN authentication end, determine that the user is a valid user, and obtain a validity verification result. In this embodiment, the enterprise client is required to synchronize the user access right to the VPN authentication end, but the enterprise client is not required to cooperate with the service server to implement the verification in the above embodiment, so the implementation is simpler.
204. The service server sends a trust response carrying the validity verification result to the VPN authentication end.
205. The VPN authentication end sends a login response to the terminal device of the user according to the trust response.
Illustratively, if the validity verification result indicates that the user is a valid user of the service server, the login response is a data stream for generating a login success page, and the login response indicates that the user has successfully logged in to the service server and the VPN service through the browser. If the validity verification result indicates that the user is not a valid user of the service server, the login response is a data stream for generating a login failure page, and the login response indicates that the user has failed to log in to the service server and the VPN service through the browser.
If the login is successful, the user can access the service server through the VPN service.
According to the login method provided by the embodiment of the application, after the VPN authentication end determines that the user is a legal user of the VPN service, a trust request carrying the identity of the user is sent to a service server deployed in an intranet. The service server performs validity verification on the user according to the identity and sends a trust response carrying a validity verification result to the VPN authentication end. The VPN authentication end sends a login response to the terminal device of the user according to the trust response, where the login response is used for indicating whether the user successfully logs in to the service server and the VPN service through the browser.
With this scheme, the VPN authentication end and the service server communicate with each other to establish a trust mechanism, and login information is entered only once during the login process, so that the user logs in to the service server while logging in to the VPN server, which simplifies the login process, reduces the error rate and improves the user experience. The login information is independently managed by the VPN authentication end of the network service provider, and the enterprise client does not need to synchronize the user login information it manages to the VPN authentication end, so the security of the client's internal data is ensured. Because the user does not need to access the service server directly during the login process, the service server does not need to provide a public network entrance and can be completely hidden in the intranet, which reduces the risk of the service server being attacked.
Optionally, in the above embodiment, the login response is used to indicate whether the user successfully logs in the service server and the VPN service through the browser, and since the browser and the VPN client application are two different programs, in a scenario where the user logs in through the VPN client application, login verification at the VPN client application side needs to be further completed. At this time, the VPN authentication end generates a token for authentication in the verification process shown in fig. 4.
For example, refer to fig. 4, which is a schematic diagram illustrating the authentication process of a token in a login method according to an embodiment of the present application. The embodiment comprises the following steps:
401. The VPN authentication end receives a trust response from the service server.
402. The VPN authentication end generates a token for the user.
Illustratively, after receiving the trust response from the service server, the VPN authentication end generates a token if the trust response indicates that the user is a valid user of the service server, and the token is used for verifying the validity of the VPN client application.
403. The VPN authentication end sends a login response carrying the token to the terminal device.
Illustratively, the VPN authentication end sends the token to the browser of the terminal device in a login response.
404. The browser of the terminal device displays a login success page.
405. The browser of the terminal device activates the VPN client application by using the login success page and sends the token to the VPN client application.
In the embodiment of the application, the browser activates the VPN client application by running a script in the login success page, or in a similar manner. For example, the terminal device displays a login success page through the browser and, after the page has been displayed for a preset time period, automatically runs a script in the login success page to activate the VPN client, where the preset time period is, for example, 3 seconds, 4 seconds, and the like, and the embodiment of the present application is not limited.
For another example, the terminal device displays a login success page through the browser, and the user clicks a close button on the login success page to trigger the script to run, so as to activate the VPN client.
406. The VPN client application sends an authentication request carrying the token to a VPN server providing the VPN service.
In one implementation, the address information of the VPN server providing the VPN service may be pre-configured in the VPN client application, and the client application, after being activated by the browser, automatically sends an authentication request to the VPN server based on the received token.
In another implementation, while generating the token, the VPN authentication end may determine, according to the information of the terminal device, the access addresses of one or more preferred VPN servers from among a plurality of VPN servers providing the VPN service, and send the access addresses to the browser of the terminal device together with the token, so as to instruct the VPN client application of the terminal device to select one VPN server from the access addresses to provide the VPN service for the terminal device.
407. The VPN server verifies the authentication request to obtain a feedback result.
Illustratively, the VPN server verifies the token carried by the authentication request, or the VPN server sends the token carried by the authentication request to the VPN authentication end, and the VPN authentication end verifies the token.
For example, after the VPN authentication end generates the token, the token is sent to the browser of the terminal device through the login response and, at the same time, to a VPN server providing the VPN service (for example, a VPN server pre-configured in the VPN client application, or one or more selected VPN servers), and the token is stored by the VPN server. When an authentication request sent by the VPN client application is received, the VPN server verifies the token carried by the authentication request based on the stored token to obtain a feedback result. The feedback result is used for indicating whether the user successfully logs in to the service server and the VPN service through the VPN client application.
For another example, the VPN client application sends an authentication request to the VPN server. After receiving the authentication request, the VPN server generates a token verification request based on the token carried by the authentication request and sends the token verification request to the VPN authentication end. The VPN authentication end verifies the token carried by the verification request based on the token generated in step 402, thereby generating a feedback result; the token carried by the verification request is obtained by the VPN server from the authentication request sent by the terminal device through the VPN client application. Then, the VPN authentication end sends the feedback result to the VPN server; correspondingly, the VPN server receives the feedback result returned by the VPN authentication end. The feedback result is used for indicating whether the user successfully logs in to the service server and the VPN service through the VPN client application.
In addition, the authentication request may not carry a token; in this case, the VPN server directly determines that the VPN client application is illegal, that is, the user cannot successfully log in to the service server and the VPN service through the VPN client application.
By adopting the scheme, the token carried by the authentication request is verified through the VPN authentication end or the VPN service end, so that the validity of the VPN client application can be ensured, and the login process of the user through the VPN client application is completed.
Optionally, in the above embodiment, after the VPN authentication end generates the token, the state of the token may be set based on the validity period or other information, and the token may be stored. For example, the token is set to an invalid state if the token has expired, if the VPN authentication end receives a notification that the user is invalid, or if the VPN service purchased by the company where the user is located has expired. The stored token will be referred to as the first token hereinafter.
Then, the VPN client application sends an authentication request carrying a token to the VPN server, and the VPN server generates a token verification request according to the token carried by the authentication request and sends the token verification request carrying the token to the VPN authentication end; the token carried by the token verification request is called the second token hereinafter. After receiving the token verification request, the VPN authentication end verifies the second token based on the first token. For example, if the VPN authentication end finds a token identical to the second token among the stored first tokens, it determines that the second token is a token generated by the VPN authentication end, and further determines whether the state of the second token is normal. If the second token is in a normal state, the VPN authentication end generates a feedback result indicating that the second token is legal. If the second token was not generated by the VPN authentication end, or its state is abnormal, for example invalid, the VPN authentication end generates a feedback result indicating that the second token is illegal.
If the token carried by the authentication request is verified by the VPN server, then after the VPN authentication end generates the token, the token, its state and the like need to be sent to the VPN server, and when the token state is updated, the update is also synchronized to the VPN server. The VPN server receives and stores the token, the state of the token, and the like, and verifies the token carried in the authentication request based on the stored token and its state; the verification method is the same as that described above and will not be described again.
By adopting the scheme, the purpose of accurately verifying the validity of the token in real time can be realized by further verifying whether the state of the token is normal.
408. The VPN server sends the feedback result to the VPN client application of the terminal device.
The VPN server may determine whether to provide VPN services for the VPN client application based on the feedback result. Specifically, if the feedback result indicates that the user successfully logs in to the service server and the VPN service through the VPN client application, the VPN server may respond normally to a VPN tunnel establishment request sent by the VPN client application to establish a VPN tunnel between the VPN client application and the VPN server, where the VPN tunnel is used to receive service requests sent by the user through the VPN client application and addressed to the service server. If the feedback result indicates that the user does not successfully log in to the service server and the VPN service through the VPN client application, the VPN server refuses to establish a VPN tunnel with the VPN client application, so that the intranet access requests of the user are refused.
For example, if the feedback result indicates that the VPN client application successfully logs in to the service server and the VPN service, step 409 is entered: a VPN tunnel is established with the VPN client application, so as to receive, through the VPN tunnel, service requests that the user sends through the VPN client to the service server or to other service servers connected to the service server, and to send the service requests to the service server.
If the feedback result indicates that the VPN client application fails to log in to the service server and the VPN service, the VPN client application of the terminal device pops up prompt information to notify the user that login failed, and the VPN server refuses to establish a VPN tunnel with the VPN client application.
In this embodiment, after the user successfully logs in to the service server and the VPN service through the browser, the VPN client application is invoked, and the validity of the VPN client application is confirmed based on the token, so as to determine whether the user successfully logs in to the service server and the VPN service through the VPN client application.
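The token handling of steps 402 to 409, including the token states described above, can be sketched as follows. This is an added example, not code from the patent; the class and method names, the 60-second validity period, the digest-keyed token store and the sample users are assumptions.

```python
import hashlib
import secrets
import time
from dataclasses import dataclass

NORMAL, INVALID = "normal", "invalid"


@dataclass
class TokenRecord:
    user_id: str
    enterprise_id: str
    expires_at: float
    state: str = NORMAL


class VpnAuthenticationEnd:
    """Issues tokens (step 402) and checks second tokens against stored first tokens."""

    def __init__(self, ttl_seconds=60, clock=time.time):
        self._ttl = ttl_seconds  # assumed validity period; the page gives no value
        self._clock = clock
        self._records = {}       # SHA-256(token) -> TokenRecord

    @staticmethod
    def _key(token):
        # Assumption: keep only a digest so a leaked store does not expose live tokens.
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue_token(self, user_id, enterprise_id, user_is_valid):
        """Generate a token only when the trust response marks the user as valid."""
        if not user_is_valid:
            return None
        token = secrets.token_urlsafe(32)
        self._records[self._key(token)] = TokenRecord(
            user_id, enterprise_id, self._clock() + self._ttl)
        return token

    def invalidate_user(self, user_id):
        """Handle a notification that the user is invalid."""
        for rec in self._records.values():
            if rec.user_id == user_id:
                rec.state = INVALID

    def invalidate_enterprise(self, enterprise_id):
        """Handle expiry of the VPN service purchased by the user's company."""
        for rec in self._records.values():
            if rec.enterprise_id == enterprise_id:
                rec.state = INVALID

    def verify(self, second_token):
        """Return (legal, reason) for a token verification request."""
        rec = self._records.get(self._key(second_token))
        if rec is None:
            return False, "not generated by the VPN authentication end"
        if self._clock() >= rec.expires_at:
            rec.state = INVALID  # expired tokens move to the invalid state
        if rec.state != NORMAL:
            return False, "token state is invalid"
        return True, "ok"


class VpnServer:
    """Handles the authentication request from the VPN client application (406-408)."""

    def __init__(self, authentication_end):
        self._auth = authentication_end

    def handle_authentication_request(self, request):
        token = request.get("token")
        if not isinstance(token, str) or not token:
            # No token carried: the client application is rejected directly.
            return {"login": False, "tunnel": False, "reason": "no token"}
        legal, reason = self._auth.verify(token)
        # A tunnel is established only for a legal token (step 409).
        return {"login": legal, "tunnel": legal, "reason": reason}


def run_demo():
    """Constructed scenario with a fake clock; returns the feedback reasons in order."""
    now = [1000.0]
    auth = VpnAuthenticationEnd(ttl_seconds=60, clock=lambda: now[0])
    server = VpnServer(auth)
    alice = auth.issue_token("alice", "corp-a", True)
    bob = auth.issue_token("bob", "corp-b", True)
    results = [
        server.handle_authentication_request({"token": alice})["reason"],
        server.handle_authentication_request({})["reason"],
        server.handle_authentication_request({"token": "forged"})["reason"],
    ]
    auth.invalidate_enterprise("corp-b")
    results.append(server.handle_authentication_request({"token": bob})["reason"])
    now[0] += 61  # alice's token passes its validity period
    results.append(server.handle_authentication_request({"token": alice})["reason"])
    return results


if __name__ == "__main__":
    for line in run_demo():
        print(line)
```

The same `verify` logic applies when the VPN server checks the token itself, provided the token and every state change are synchronized to it.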
The complete process of implementing a login based on a VPN client application will be illustrated in connection with fig. 5.
Fig. 5 is a process schematic diagram of a login method provided in an embodiment of the present application. Referring to fig. 5, the present embodiment includes:
501. The terminal device recognizes the user's click operation on the VPN client application and determines that the user has selected the joint login mode.
Illustratively, a user opens a VPN client application on a desktop of a terminal device and clicks on the user interface of the VPN client application to select the joint login mode. Refer specifically to the description of fig. 3, which is not repeated here.
502. The terminal device pops up the browser.
Illustratively, in response to the user's operation of selecting the joint login mode, the VPN client application automatically invokes the browser and directs it to access the VPN authentication end to request a login page; the VPN authentication end is deployed in the public network.
503. The browser sends a page request to the VPN authentication end, where the page request is used for requesting the data stream required for the browser to display the login page.
504. The browser receives a data stream from the VPN authentication end and used for displaying a login page.
Illustratively, the browser renders and displays the login page after receiving the data stream.
505. The browser acquires login information input by a user on a login page.
Illustratively, the user enters login information such as an account number, a password, an enterprise identifier, an authentication code, and the like into a login page.
506. The browser submits login information to the VPN authentication end.
507. The VPN authentication end performs validity verification on the user according to the login information.
508. For a legal user of the VPN service, the VPN authentication end and the service server perform mutual trust authentication.
In the application scenario where the service server is an SSO system server, during mutual trust authentication the VPN authentication end synchronizes authentication information, which includes for example the identity of the user, to the SSO system server through the VPN network: the VPN authentication end sends a trust request carrying the identity of the legal user to the service server, and the SSO system server authenticates the user based on the authentication information to determine the access rights of the user. It can be understood that the type and number of business services connected to the SSO system, such as OA service, email service, financial management service, etc., depend on the actual situation of the enterprise client, and the enterprise client can set different access rights for different employees (users). When the SSO system authenticates the user and determines that the user has the access right of at least one business service, it can feed back a successful login to the VPN authentication end and at the same time generate a login state for the user, where the login state only applies to the business services for which the user has access rights.
In the subsequent service access process, after the service server receives a service access request of the user, it can confirm the current state of the user with the SSO system server. If the current state of the user is the login state, the service server lets the request pass directly and sends a service response to the VPN server; otherwise, the service server refuses the access of the terminal and sends prompt information to the VPN server, so that the VPN server sends the prompt information to the terminal device, where the prompt information is used to indicate that the service access of the terminal device has failed.
In a specific implementation, the user state can be synchronized between the SSO system server and each accessed service based on a mutual trust communication mechanism, so that the service server does not need to carry out validity verification on the user in the subsequent service access process, the input times of authentication information are reduced, and the error probability is reduced.
Optionally, the communication mechanism includes any one of the following communication mechanisms: a shared JSON Web Token (JWT), a shared session (SESSION), Security Assertion Markup Language (SAML), or Open Authorization (OAuth).
With this scheme, the SSO system server can generate, for the user, any one of the communication mechanisms such as shared JWT, shared SESSION and SAML, so the flexibility is high.
509. The VPN authentication end generates a token for the user and sends a trust response carrying the token to the terminal device, where the token is used for performing validity verification on the VPN client application of the terminal device.
Illustratively, the VPN authentication end generates a token for the user login, and the token is carried in the login success page returned to the browser, so that the browser can acquire the token.
510. The browser activates the VPN client application based on the login success page.
After the browser displays the login success page, the VPN client application is activated by running the script in the page: the script in the login success page invokes the VPN client application through a browser built-in method and carries the token, so that the token is transmitted to the VPN client application. The browser built-in method is as follows: appName://truthLoginToken=123456.
511. The VPN client application sends an authentication request carrying the token to a VPN server providing the VPN service.
Illustratively, after the VPN client application is activated, it receives the token transmitted by the browser and automatically sends the token to the VPN server in the authentication request.
After receiving the authentication request, the VPN server verifies the validity of the token to obtain a feedback result, so as to determine whether the VPN client application is legal. For example, the VPN server executes step 512: sending a token verification request to the VPN authentication end, so that the VPN authentication end verifies whether the token carried by the token verification request is legal and obtains a feedback result. Then, the VPN server executes step 513: receiving the feedback result from the VPN authentication end.
For another example, before the VPN server receives the authentication request, the VPN server also receives a token from the VPN authentication end, and after the VPN server receives the authentication request, the VPN server verifies the token carried in the authentication request based on the token from the VPN authentication end to obtain a feedback result.
After obtaining the feedback result, the VPN server sends the feedback result to the VPN client application to complete login. If the feedback result indicates that the VPN client application successfully logs in to the service server and the VPN service, the VPN client application can display login success information and display a service access interface for the user to operate; if the feedback result indicates that the login fails, the VPN client application displays login failure information to the user and refuses the user's requests or operations on the service access interface.
The following are embodiments of the apparatus of the present application that may be used to perform embodiments of the method of the present application. For details which are not disclosed in the embodiments of the apparatus of the present application, reference is made to the embodiments of the method of the present application.
Fig. 6 is a schematic diagram of a login apparatus according to an embodiment of the present application. The login apparatus 600 includes: a processing module 61, a sending module 62 and a receiving module 63.
When the login apparatus 600 is integrated in a VPN authentication terminal deployed in a public network, the actions of the VPN authentication terminal in the above embodiments may be performed, and the processing module 61, the sending module 62, and the receiving module 63 function as follows:
the processing module 61 is used for determining that the user is a legal user of the VPN service;
a sending module 62, configured to send a trust request to a service server deployed in an intranet, where the trust request carries an identity of the user;
a receiving module 63, configured to receive a trust response from the service server, where the trust response is generated by the service server according to a validity verification result of the identity;
the sending module 62 is further configured to send a login response to the terminal device of the user according to the trust response, where the login response is used to indicate whether the user successfully logs in the service server and the VPN service through a browser.
In a feasible implementation manner, the receiving module 63 is further configured to receive a page request sent by the terminal device through a browser, where the page request is used to request that a login page is displayed through the browser, and the login page is used to log in the VPN service and the service server;
the sending module 62 is further configured to send a data stream for displaying the login page to the terminal device;
the receiving module 63 is further configured to receive login information sent by the terminal device through the login page;
the processing module 61 is specifically configured to perform validity verification on the user according to the login information, and determine that the user is a valid user of the VPN service when the login information passes the validity verification.
In a feasible implementation manner, if the trust response indicates that the user is a valid user of the service server, the processing module 61 is further configured to generate a token for the user, where the token is used to perform validity verification on a VPN client application of the terminal device, and the login response carries the token;
the sending module 62 is further configured to send the token to a VPN server that provides the VPN service, so that the VPN server verifies, based on the token, an authentication request sent by the terminal device through a VPN client application to obtain a feedback result; or, the receiving module 63 is further configured to receive a token verification request sent by the VPN server, and verify whether a token carried in the token verification request is legal to obtain a feedback result; the sending module 62 is further configured to send the feedback result to the VPN server, where a token carried in the verification request is obtained by the VPN server from an authentication request sent by the terminal device through a VPN client application;
wherein the feedback result is used for indicating whether the user successfully logs in to the service server and the VPN service through the VPN client application.
In a feasible implementation manner, when the processing module 61 verifies whether the token carried in the verification request is legal to obtain a feedback result, the processing module is configured to verify whether the token is generated by the VPN authentication end and whether the state of the token is normal; if the token is generated by the VPN authentication end and the state is normal, generating a feedback result for indicating that the token is legal; otherwise, a feedback result indicating that the token is not legitimate is generated.
When the login apparatus 600 is integrated in a VPN server deployed in a public network, the actions of the VPN server in the above embodiments may be performed, and the processing module 61, the sending module 62 and the receiving module 63 function as follows:
a receiving module 63, configured to receive an authentication request sent by a user through a VPN client application on a terminal device;
a processing module 61, configured to verify the authentication request to obtain a feedback result, and send the feedback result to a VPN client application of the terminal device;
if the feedback result indicates that the VPN client application successfully logs in a service server and the VPN service, establishing a VPN tunnel with the VPN client application so as to receive a service request sent by the user through the VPN client through the VPN tunnel;
a sending module 62, configured to send the service request to the service server.
In a feasible implementation manner, the receiving module 63 is further configured to receive a token generated for the user and sent by a VPN authentication end, and the processing module 61 is configured to verify the token carried in the authentication request based on the token to obtain a feedback result; or,
the processing module 61 is configured to generate a token verification request based on the token carried by the authentication request, the sending module 62 is configured to send the token verification request to the VPN authentication end, so that the VPN authentication end verifies the token carried by the verification request to generate the feedback result, and the receiving module 63 is further configured to receive the feedback result returned by the VPN authentication end.
When the login apparatus 600 is integrated in a service server deployed in an intranet, the actions of the service server in the above embodiments may be performed, and the processing module 61, the sending module 62 and the receiving module 63 function as follows:
a receiving module 63, configured to receive a trust request from a VPN authentication end deployed in a public network, where the trust request carries an identity of a user, and the user is a valid user of a VPN service;
a processing module 61, configured to perform validity verification on the user to obtain a validity verification result, where the validity verification result is used to indicate whether the user is a valid user of the service server;
a sending module 62, configured to send a trust response carrying the validity verification result to the VPN authentication end.
Fig. 7 is a schematic diagram of a login apparatus according to an embodiment of the present application. The login apparatus 700 is integrated on a terminal device deployed in a public network, and the login apparatus 700 includes: a processing module 71, a display module 72, a sending module 73 and a receiving module 74.
A processing module 71, configured to obtain, through a browser, a data stream for displaying a login page, where the login page is used to log in a virtual private network VPN service and a service server in an intranet;
a display module 72, configured to display the login page according to the data stream;
a sending module 73, configured to send a login request carrying login information of a user to the VPN authentication end through the login page;
a receiving module 74, configured to receive a login response from the VPN authentication end, where the login response is used to indicate whether the user successfully logs in the service server and the VPN service through a browser.
In a possible implementation manner, the processing module 71 is configured to pop up the browser in response to a click operation on the VPN client application;
the sending module 73 is configured to send a page request to the VPN authentication end through the browser, where the page request is used to request the browser to display the data stream required by the login page;
the receiving module 74 is configured to receive a data stream from the VPN authentication end, where the data stream is used to display the login page.
In a possible implementation manner, after the receiving module 74 receives the login response from the VPN authentication end, the displaying module 72 is further configured to display a login success page according to the login response, where the login success page carries the token;
the processing module 71 is further configured to activate the VPN client application using the login success page;
the sending module 73 is further configured to send, by using the VPN client application, an authentication request carrying the token to a VPN server providing the VPN service;
the receiving module 74 is further configured to receive a feedback result from the VPN server, where the feedback result is used to indicate whether the user successfully logs in the service server and the VPN service through the VPN client application.
In a possible implementation manner, if the feedback result indicates that the user successfully logs in the service server and the VPN service through the VPN client application, the processing module 71 is further configured to request, through the VPN client application, to establish a VPN tunnel with the VPN server;
the sending module 73 is further configured to send a service request to the VPN server through the VPN tunnel.
Fig. 8 is a schematic structural diagram of an electronic device according to an embodiment of the present application. As shown in fig. 8, the electronic device 800 is, for example, the above-mentioned VPN authentication end, VPN service end, service server or terminal device, and the electronic device 800 includes:
a processor 81 and a memory 82;
the memory 82 stores computer instructions;
the processor 81 executes the computer instructions stored in the memory 82, so that the processor 81 executes the login method implemented by the VPN authentication end, the VPN service end, the service server or the terminal device as described above.
For the specific implementation process of the processor 81, reference may be made to the above method embodiments; the implementation principle and the technical effects are similar, and the details are not repeated here.
Optionally, the electronic device 800 further comprises a communication component 83. The processor 81, the memory 82, and the communication component 83 may be connected by a bus 84.
An embodiment of the present application further provides a computer-readable storage medium, in which computer instructions are stored, and when executed by a processor, the computer instructions are used to implement the login method implemented by the VPN authentication end, the VPN service end, the service server, or the terminal device.
An embodiment of the present application further provides a computer program product, where the computer program product includes a computer program, and when executed by a processor, the computer program implements the login method implemented by the VPN authentication end, the VPN service end, the service server, or the terminal device.
Other embodiments of the present application will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This application is intended to cover any variations, uses, or adaptations of the invention following, in general, the principles of the application and including such departures from the present disclosure as come within known or customary practice within the art to which the invention pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the application being indicated by the following claims.
It will be understood that the present application is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the application is limited only by the appended claims.

Claims (17)

1. A login method is applied to a Virtual Private Network (VPN) authentication end deployed in a public network, and comprises the following steps:
determining that the user is a legal user of the VPN service;
sending a trust request to a service server deployed in an intranet, wherein the trust request carries the identity of the user;
receiving a trust response from the service server, wherein the trust response is generated by the service server according to the validity verification result of the identity;
and sending a login response to the terminal equipment of the user according to the trust response, wherein the login response is used for indicating whether the user successfully logs in the service server and the VPN service through a browser.
2. The method of claim 1, wherein determining that the user is a legitimate user of the VPN service comprises:
receiving a page request sent by the terminal device through a browser, wherein the page request is used for requesting to display a login page through the browser, and the login page is used for logging in the VPN service and the business server;
sending a data stream for displaying the login page to the terminal equipment;
receiving login information sent by the terminal equipment through the login page;
carrying out validity verification on the user according to the login information;
and when the login information passes the validity verification, determining that the user is a valid user of the VPN service.
3. The method according to claim 1 or 2, wherein if the trust response indicates that the user is a valid user of the service server, the method further comprises:
generating a token for the user, wherein the token is used for carrying out validity verification on VPN client application of the terminal equipment, and the login response carries the token;
sending the token to a VPN server side providing the VPN service, so that the VPN server side verifies an authentication request sent by the terminal equipment through VPN client application on the basis of the token to obtain a feedback result; or, receiving a token verification request sent by the VPN server, and verifying whether a token carried by the token verification request is legal or not to obtain a feedback result; sending the feedback result to the VPN server, wherein the token carried by the verification request is obtained by the VPN server from an authentication request sent by the terminal equipment through VPN client application;
wherein the feedback result is used for indicating whether the user successfully logs in the business server and the VPN service through the VPN client application.
4. The method of claim 3, wherein the verifying whether the token carried by the verification request is legal to obtain the feedback result comprises:
verifying whether the token is generated by the VPN authentication end and whether the state of the token is normal; if the token is generated by the VPN authentication end and the state is normal, generating a feedback result for indicating that the token is legal;
otherwise, a feedback result indicating that the token is not legitimate is generated.
5. A login method is applied to a Virtual Private Network (VPN) server deployed in a public network, and comprises the following steps:
receiving an authentication request sent by a user through a VPN client application on terminal equipment;
verifying the authentication request to obtain a feedback result, and sending the feedback result to a VPN client application of the terminal equipment;
if the feedback result indicates that the VPN client application successfully logs in a service server and the VPN service, a VPN tunnel is established with the VPN client application, so that a service request sent by the user through the VPN client is received through the VPN tunnel, and the service request is sent to the service server.
6. The method of claim 5, wherein the verifying the authentication request to obtain a feedback result comprises:
receiving a token generated by a VPN authentication end for the user, and verifying the token carried by the authentication request based on the token to obtain a feedback result; or,
and generating a token verification request based on the token carried by the authentication request and sending the token verification request to a VPN authentication end, so that the VPN authentication end verifies the token carried by the verification request to generate the feedback result, and receiving the feedback result returned by the VPN authentication end.
7. A login method is applied to a service server deployed in an intranet, and comprises the following steps:
receiving a trust request from a Virtual Private Network (VPN) authentication end deployed in a public network, wherein the trust request carries an identity of a user, and the user is a legal user of VPN service;
carrying out validity verification on the user to obtain a validity verification result, wherein the validity verification result is used for indicating whether the user is a valid user of the service server or not;
and sending a trust response carrying the validity verification result to the VPN authentication end.
8. A login method is applied to a terminal device and comprises the following steps:
acquiring a data stream for displaying a login page through a browser, wherein the login page is used for logging in a Virtual Private Network (VPN) service and a service server in an intranet;
displaying the login page according to the data stream;
sending a login request carrying login information of a user to a VPN authentication end through the login page;
and receiving a login response from the VPN authentication end, wherein the login response is used for indicating whether the user successfully logs in the service server and the VPN service through a browser.
9. The method of claim 8, wherein the obtaining, by the browser, the data stream for displaying the login page comprises:
responding to click operation on a VPN client application, and popping up the browser;
sending a page request to the VPN authentication terminal through the browser, wherein the page request is used for requesting the browser to display the data stream required by the login page;
and receiving a data stream from the VPN authentication end and used for displaying the login page.
10. The method according to claim 8, wherein after receiving the login response from the VPN authenticator, further comprising:
displaying a login success page according to the login response, wherein the login success page carries a token;
activating the VPN client application with the login success page;
sending an authentication request carrying the token to a VPN server side providing the VPN service by utilizing the VPN client side application;
and receiving a feedback result from the VPN server, wherein the feedback result is used for indicating whether the user successfully logs in the service server and the VPN service through the VPN client application.
11. The method according to any one of claims 8-10, further comprising:
if the feedback result indicates that the user successfully logs in the service server and the VPN service through the VPN client application, requesting, through the VPN client application, to establish a VPN tunnel with the VPN server;
and sending a service request to the VPN server through the VPN tunnel.
12. A login apparatus integrated in a Virtual Private Network (VPN) authentication end deployed in a public network, the apparatus comprising:
the processing module is used for determining that the user is a legal user of the VPN service;
the sending module is used for sending a trust request to a service server deployed in an intranet, wherein the trust request carries the identity of the user;
the receiving module is used for receiving a trust response from the service server, wherein the trust response is generated by the service server according to the validity verification result of the identity;
the sending module is further configured to send a login response to the terminal device of the user according to the trust response, where the login response is used to indicate whether the user successfully logs in the service server and the VPN service through a browser.
13. A login apparatus integrated in a Virtual Private Network (VPN) server deployed in a public network, the apparatus comprising:
the receiving module is used for receiving an authentication request sent by a user through a VPN client application on the terminal equipment;
the processing module is used for verifying the authentication request to obtain a feedback result and sending the feedback result to the VPN client application of the terminal equipment;
if the feedback result indicates that the VPN client application successfully logs in a service server and the VPN service, establishing a VPN tunnel with the VPN client application so as to receive a service request sent by the user through the VPN client through the VPN tunnel;
and the sending module is used for sending the service request to the service server.
14. A login apparatus integrated in a service server deployed in an intranet, the apparatus comprising:
the receiving module is used for receiving a trust request from a Virtual Private Network (VPN) authentication end deployed in a public network, wherein the trust request carries an identity of a user, and the user is a legal user of VPN service;
the processing module is used for carrying out validity verification on the user to obtain a validity verification result, and the validity verification result is used for indicating whether the user is a valid user of the service server or not;
and the sending module is used for sending a trust response carrying the validity verification result to the VPN authentication end.
15. A login apparatus integrated in a terminal device, the apparatus comprising:
the processing module is used for acquiring a data stream for displaying a login page through a browser, wherein the login page is used for logging in a Virtual Private Network (VPN) service and a service server in an intranet;
the display module is used for displaying the login page according to the data stream;
the sending module is used for sending a login request carrying login information of a user to the VPN authentication end through the login page;
and the receiving module is used for receiving a login response from the VPN authentication end, wherein the login response is used for indicating whether the user successfully logs in the service server and the VPN service through a browser.
16. An electronic device comprising a processor, a memory, and a computer program stored on the memory and executable on the processor, wherein execution of the computer program by the processor causes the electronic device to perform the method of any of claims 1-11.
17. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the method according to any one of claims 1-11.
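The token check of claims 3, 4 and 6, as an added example that is not part of the patent: the authentication end issues a token only after a positive trust response, and the VPN server allows a tunnel only after the authentication end confirms that the token was generated there and is in a normal state. The class names, the HMAC token format, the 60-second lifetime and the single-use rule are assumptions; the claims only require the origin and state checks.

```python
import hashlib
import hmac
import secrets
import time


class VpnAuthEnd:
    """Hypothetical VPN authentication end: issues tokens and answers verification requests."""

    def __init__(self, ttl_seconds=60):
        self._key = secrets.token_bytes(32)  # signing key never leaves the authentication end
        self._ttl = ttl_seconds              # assumption: tokens are short-lived
        self._state = {}                     # token id -> {"user", "expires", "status"}

    def _mac(self, payload):
        return hmac.new(self._key, payload.encode(), hashlib.sha256).hexdigest()

    def issue_token(self, user_id, trusted_by_service_server, now=None):
        """Claim 3: generate a token only after the service server's trust response accepts the user."""
        if not trusted_by_service_server:
            return None
        now = time.time() if now is None else now
        token_id = secrets.token_urlsafe(16)
        self._state[token_id] = {"user": user_id, "expires": now + self._ttl, "status": "normal"}
        payload = f"{token_id}.{user_id}"
        return f"{payload}.{self._mac(payload)}"

    def verify_token(self, token, now=None):
        """Claim 4: legal only if generated here (MAC check) and its state is normal."""
        now = time.time() if now is None else now
        if not isinstance(token, str):
            return {"legal": False, "reason": "malformed"}
        payload, _, mac = token.rpartition(".")
        token_id, _, user_id = payload.partition(".")
        # Origin check first, in constant time, so forged tokens never reach the state lookup.
        if not hmac.compare_digest(mac.encode(), self._mac(payload).encode()):
            return {"legal": False, "reason": "not generated by this authentication end"}
        entry = self._state.get(token_id)
        if entry is None or entry["status"] != "normal":
            return {"legal": False, "reason": "state not normal"}
        if now > entry["expires"]:
            entry["status"] = "expired"
            return {"legal": False, "reason": "state not normal"}
        # Assumption: single use, so a token copied from the login success page cannot be replayed.
        entry["status"] = "used"
        return {"legal": True, "user": entry["user"]}


class VpnServer:
    """Hypothetical VPN server using the second alternative of claim 6: ask the authentication end."""

    def __init__(self, auth_end):
        self._auth_end = auth_end
        self.tunnels = set()  # users for whom a tunnel may be established

    def handle_authentication_request(self, token, now=None):
        feedback = self._auth_end.verify_token(token, now)
        if feedback["legal"]:
            self.tunnels.add(feedback["user"])  # tunnel set-up only after positive feedback
        return feedback
```

Because the token travels from the login success page in the browser to the VPN client application, the short lifetime and single-use state are what limit the value of a token captured in transit.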
CN202110932540.3A 2021-08-13 2021-08-13 Login method, device, equipment and readable storage medium Pending CN113746811A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110932540.3A CN113746811A (en) 2021-08-13 2021-08-13 Login method, device, equipment and readable storage medium

Publications (1)

Publication Number Publication Date
CN113746811A true CN113746811A (en) 2021-12-03

Family

ID=78731213

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110932540.3A Pending CN113746811A (en) 2021-08-13 2021-08-13 Login method, device, equipment and readable storage medium

Country Status (1)

Country Link
CN (1) CN113746811A (en)

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104883353A (en) * 2015-03-31 2015-09-02 深圳市深信服电子科技有限公司 Terminal single sign-on configuration and authentication method and system, and application service system
US20160294810A1 (en) * 2015-03-31 2016-10-06 Sangfor Technologies Company Limited Terminal single sign-on configuration, authentication method, and system, and application service system thereof
US20170134370A1 (en) * 2015-11-05 2017-05-11 Red Hat, Inc. Enabling single sign-on authentication for accessing protected network services
CN106330918A (en) * 2016-08-26 2017-01-11 杭州迪普科技有限公司 Multi-system login method and device

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114567510A (en) * 2022-03-21 2022-05-31 上海商汤智能科技有限公司 Login authentication method, device, equipment and storage medium
CN115001840A (en) * 2022-06-21 2022-09-02 北京翼辉信息技术有限公司 Agent-based authentication method, system and computer storage medium
CN115134144A (en) * 2022-06-28 2022-09-30 中国工商银行股份有限公司 Enterprise-level business system authentication method, device and system
CN115348168A (en) * 2022-07-21 2022-11-15 金蝶软件(中国)有限公司 Block chain network deployment method and device
CN115348168B (en) * 2022-07-21 2024-03-19 金蝶软件(中国)有限公司 Deployment method and device of block chain network

Similar Documents

Publication Publication Date Title
US20200336310A1 (en) Coordinating access authorization across multiple systems at different mutual trust levels
US9485239B2 (en) Implementing single sign-on across a heterogeneous collection of client/server and web-based applications
WO2018041078A1 (en) Method, system, proxy server, and computer storage medium for authentication
US8191123B2 (en) Provisioning a network appliance
US8966594B2 (en) Proxy authentication
JP5595586B2 (en) Secure and efficient login and transaction authentication using iPhone ™ and other smart mobile communication devices
US8769291B2 (en) Certificate generation for a network appliance
US8051465B1 (en) Mitigating forgery of electronic submissions
US9654462B2 (en) Late binding authentication
CN113746811A (en) Login method, device, equipment and readable storage medium
US8327426B2 (en) Single sign on with proxy services
US8191122B2 (en) Provisioning a network appliance
JP5662507B2 (en) Authentication method, authentication system, and service providing server
US20100199086A1 (en) Network transaction verification and authentication
JP2015062129A (en) Flexible quasi-out-of-band authentication structure
US9003540B1 (en) Mitigating forgery for active content
US10455025B2 (en) Multi-factor authentication
CN113922982A (en) Login method, electronic device and computer-readable storage medium
CN112583834B (en) Method and device for single sign-on through gateway
US11533309B2 (en) Digital signature injection for user authentication across multiple independent systems
US9210155B2 (en) System and method of extending a host website
CN113742676A (en) Login management method, device, server, system and storage medium
US7996881B1 (en) Modifying a user account during an authentication process
US11063926B1 (en) Devices and methods for single sign-on and regulatory compliance
CN116170234B (en) Single sign-on method and system based on virtual account authentication

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20211203