CN114826771B - Security authentication method, system, equipment and readable storage medium - Google Patents


Publication number
CN114826771B
Authority
CN
China
Legal status
Active
Application number
CN202210590992.2A
Other languages
Chinese (zh)
Other versions
CN114826771A (en
Inventor
李淳
Current Assignee
Agricultural Bank of China
Original Assignee
Agricultural Bank of China
Application filed by Agricultural Bank of China
Priority to CN202210590992.2A
Publication of CN114826771A
Application granted
Publication of CN114826771B


Classifications

    • H04L63/0838 Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G06Q40/02 Banking, e.g. interest calculation or account maintenance
    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L9/3234 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token


Abstract

The application discloses a security authentication method applied to a unified security authentication platform, comprising: receiving an authentication request sent by a client, wherein the authentication request comprises authentication information of a user; determining identification information of a target authentication micro-service according to the authentication request; invoking the target authentication micro-service from an authentication service background according to the identification information; authenticating the authentication information of the user by means of the target authentication micro-service to obtain an authentication result; and sending the authentication result to the client. An authentication service background integrating multiple authentication micro-services is built in advance; at authentication time, the unified security authentication platform receives the authentication request sent by the client and then invokes the corresponding authentication micro-service from the authentication service background according to that request. This achieves loose coupling between the front-end transaction system and the authentication mode, so that the front-end business system can concentrate on developing and implementing business logic.

Description

Security authentication method, system, equipment and readable storage medium
Technical Field
The present application relates to the field of communications, and more particularly, to a security authentication method, system, device, and readable storage medium.
Background
In the early construction stage of banking systems, security authentication relied on relatively few means. As identity authentication means diversified, transaction systems across the industry kept accumulating and incorporating multiple authentication means, so that developers of a transaction system also have to handle and interface with different authentication service backgrounds. That is, the front-end business system is tightly coupled with the authentication services, which makes integrating authentication services harder, requires the authentication system to maintain multiple versions of dynamic libraries, complicates maintenance and management, and makes secondary development difficult. In addition, the authentication mode of each transaction is preconfigured during the research and development stage and is strongly coupled with the business system; if the authentication mode needs to change, the system program has to be modified again, which is time-consuming.
Disclosure of Invention
The embodiments of the application provide a security authentication method, system, device and readable storage medium. An authentication service background integrating multiple authentication micro-services is built in advance; at authentication time, the unified security authentication platform receives the authentication request sent by the client and then invokes the corresponding authentication micro-service from the authentication service background according to that request. This achieves loose coupling between the front-end transaction system and the authentication mode, so that the front-end business system can concentrate on developing and implementing business logic.
In view of this, the embodiment of the application provides a security authentication method applied to a unified security authentication platform, including:
receiving an authentication request sent by a client, wherein the authentication request comprises authentication information of a user;
determining identification information of a target authentication micro-service according to the authentication request;
invoking the target authentication micro-service from an authentication service background according to the identification information;
authenticating the authentication information of the user according to the target authentication micro-service to obtain an authentication result;
and sending the authentication result to the client.
Optionally, invoking the target authentication micro-service from the authentication service background according to the identification information includes:
sending the identification information to the authentication service background, so that the authentication service background queries the target authentication micro-service according to the identification information;
and establishing a connection with the target authentication micro-service through the authentication service background.
Optionally, before the receiving the authentication request sent by the client, the method further includes:
acquiring a plurality of original authentication services;
separating the original authentication service to obtain a core service;
decoupling the core business to obtain a micro-service component;
combining the micro-service components to obtain an authentication micro-service;
the authentication microservice is stored in an authentication service background.
Optionally, the authentication micro-services include at least one of a password authentication micro-service, an electronic key (USBkey) authentication micro-service, a one-time password (OTP) authentication micro-service, a face authentication micro-service, and a Fast IDentity Online (FIDO) authentication micro-service.
The embodiment of the application also provides a security authentication system which is applied to the unified security authentication platform and comprises the following components:
the receiving unit is used for receiving an authentication request sent by the client, wherein the authentication request comprises authentication information of a user;
a determining unit, configured to determine identification information of a target authentication microservice according to the authentication request;
the calling unit is used for calling the target authentication micro-service from the authentication service background according to the identification information;
the authentication unit is used for authenticating the authentication information of the user according to the target authentication micro-service to obtain an authentication result;
and the sending unit is used for sending the authentication result to the client.
Optionally, the calling unit is specifically configured to:
send the identification information to the authentication service background, so that the authentication service background queries the target authentication micro-service according to the identification information;
and establish a connection with the target authentication micro-service through the authentication service background.
Optionally, the system further comprises:
an acquisition unit, configured to acquire a plurality of original authentication services;
a separation unit, configured to separate the original authentication services to obtain a core service;
a decoupling unit, configured to decouple the core service to obtain micro-service components;
a combination unit, configured to combine the micro-service components to obtain an authentication micro-service;
and a storage unit, configured to store the authentication micro-service in an authentication service background.
Optionally, the authentication micro-services include at least one of a password authentication micro-service, an electronic key (USBkey) authentication micro-service, a one-time password (OTP) authentication micro-service, a face authentication micro-service, and a Fast IDentity Online (FIDO) authentication micro-service.
The embodiments of the application also provide a computer device, comprising: a memory, a transceiver, a processor, and a bus system;
wherein the memory is used for storing programs;
the processor is used for executing the programs in the memory to implement the methods described above;
the bus system is used for connecting the memory and the processor so that the memory and the processor can communicate.
The embodiments of the present application also provide a computer-readable storage medium storing instructions that, when run on a computer, cause the computer to perform the methods described above.
The embodiment of the application provides a security authentication method applied to a unified security authentication platform, comprising: receiving an authentication request sent by a client, wherein the authentication request comprises authentication information of a user; determining identification information of a target authentication micro-service according to the authentication request; invoking the target authentication micro-service from an authentication service background according to the identification information; authenticating the authentication information of the user by means of the target authentication micro-service to obtain an authentication result; and sending the authentication result to the client. An authentication service background integrating multiple authentication micro-services is built in advance; at authentication time, the unified security authentication platform receives the authentication request sent by the client and then invokes the corresponding authentication micro-service from the authentication service background according to that request. This achieves loose coupling between the front-end transaction system and the authentication mode, so that the front-end business system can concentrate on developing and implementing business logic.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings that are required to be used in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only embodiments of the present application, and that other drawings can be obtained according to the provided drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic structural diagram of a front-end service system tightly coupled with an authentication service according to an embodiment of the present application;
Fig. 2 is a schematic flow chart of a security authentication method according to an embodiment of the present application;
Fig. 3 is a flow chart of another security authentication method according to an embodiment of the present application;
Fig. 4 is a schematic diagram of decoupling core service according to an embodiment of the present application;
Fig. 5 is an application schematic diagram of a unified security authentication platform according to an embodiment of the present application;
Fig. 6 is a schematic structural diagram of a security authentication system according to an embodiment of the present application.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The terms "first," "second," "third," "fourth" and the like in the description and in the claims and in the above drawings, if any, are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments described herein may be implemented in other sequences than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
First, some terms that may be related to the present application will be explained:
Micro-services: an architecture model that emphasizes high autonomy: independent development, independent testing, independent deployment, and independent operation. The micro-service architectural style develops a single application as a set of small services, each running in its own process and communicating with the others through lightweight mechanisms (typically HTTP resource APIs). These services are built around business capabilities and can be deployed independently through fully automated deployment mechanisms; they can be developed in different languages and use different data storage technologies.
Tight coupling: the relationship between modules or systems is too close and they affect one another. A disadvantage of tight coupling is that updating one module causes the results of other modules to change, making it difficult to reuse a particular associated module.
Loose coupling: the consumer and the service side do not know how the other side is implemented; as long as the messages they exchange conform to the negotiated architecture, the implementation of the client or of the service can be changed as needed without worrying about breaking the other side.
In the early construction period of banking systems, security authentication relied on relatively few means. As identity authentication means diversified, transaction systems across the industry kept accumulating and incorporating multiple authentication means, so that developers of a transaction system have to handle and interface with different authentication service backgrounds. That is, the front-end business system is tightly coupled with the authentication services, which makes integrating authentication services harder, requires the authentication system to maintain multiple versions of dynamic libraries, complicates maintenance and management, and makes secondary development difficult. In addition, the authentication mode of each transaction is preconfigured during the research and development stage and is strongly coupled with the business system; if the authentication mode needs to change, the system program has to be modified again, which is time-consuming.
In view of the above problems, the embodiments of the present application provide a security authentication method, system, device, and readable storage medium. An authentication service background integrating multiple authentication micro-services is built in advance; at authentication time, the unified security authentication platform receives the authentication request sent by the client and then invokes the corresponding authentication micro-service from the authentication service background according to that request. This achieves loose coupling between the front-end transaction system and the authentication mode, so that the front-end business system can concentrate on developing and implementing business logic.
Referring to fig. 2, a security authentication method provided by an embodiment of the present application includes the following steps.
S201, receiving an authentication request sent by a client.
In this embodiment, the unified security authentication platform may receive an authentication request sent by the client. The authentication request may include an authentication mode and authentication information of the user, and the client may be a front-end service system or another mobile terminal. It can be understood that each service may use a different authentication mode to authenticate the user's identity, and that different authentication modes may require different authentication information from the user. The authentication request sent by the client may therefore include not only the authentication mode but also the user's authentication information corresponding to that mode.
S202, determining identification information of the target authentication micro-service according to the authentication request.
In this embodiment, the unified security authentication platform may determine the identification information of the target authentication micro-service according to the authentication request sent by the client. Specifically, the unified security authentication platform may determine, from the authentication mode carried in the authentication request, the target authentication micro-service corresponding to that mode, and then determine the identification information of that target authentication micro-service.
S203, calling the target authentication micro-service from the authentication service background according to the identification information.
In this embodiment, after determining the identification information of the target authentication micro-service, the unified security authentication platform may invoke the target authentication micro-service from the authentication service background according to the identification information. Specifically, the unified security authentication platform sends the identification information of the target authentication micro-service to the authentication service background, the authentication service background queries the corresponding target authentication micro-service according to the identification information, and a connection with the target authentication micro-service is then established through the authentication service background. It can be understood that multiple authentication micro-services are integrated in the pre-built authentication service background. After receiving the identification information of the target authentication micro-service from the unified security authentication platform, the authentication service background finds the corresponding target authentication micro-service according to the identification information and then establishes a communication connection between the target authentication micro-service and the front-end authentication system, so that the related authentication flow can be carried out.
S204, authenticating the authentication information of the user according to the target authentication micro service to obtain an authentication result.
In this embodiment, after the unified security authentication platform establishes a connection with the target authentication micro service, the unified security authentication platform may authenticate the authentication information of the user according to the target authentication micro service to obtain an authentication result. It can be understood that the unified security authentication platform can send the authentication information of the user to the target authentication micro-service, and the target authentication micro-service authenticates the authentication information of the user to obtain an authentication result, and the authentication result can be authentication passing or authentication failure.
S205, sending the authentication result to the client.
In this embodiment, after the unified security authentication platform obtains the authentication result, the authentication result may be returned to the client, so that the client displays the authentication result.
The embodiment of the application provides a security authentication method applied to a unified security authentication platform, comprising: receiving an authentication request sent by a client, wherein the authentication request comprises authentication information of a user; determining identification information of a target authentication micro-service according to the authentication request; invoking the target authentication micro-service from an authentication service background according to the identification information; authenticating the authentication information of the user by means of the target authentication micro-service to obtain an authentication result; and sending the authentication result to the client. An authentication service background integrating multiple authentication micro-services is built in advance; at authentication time, the unified security authentication platform receives the authentication request sent by the client and then invokes the corresponding authentication micro-service from the authentication service background according to that request. This achieves loose coupling between the front-end transaction system and the authentication mode, so that the front-end business system can concentrate on developing and implementing business logic.
Referring to Fig. 3, the present application further provides another security authentication method. Before step S201, the method may further include:
S301, acquiring various original authentication services.
In this embodiment, the unified security authentication platform may obtain multiple original authentication services that are tightly coupled to the front-end service system. The original authentication services may include a password authentication service, an electronic key (USBkey) authentication service, a one-time password (One Time Password, OTP) authentication service, a face authentication service, a Fast IDentity Online (FIDO) authentication service, and the like.
S302, separating the original authentication service to obtain a core service.
In this embodiment, after obtaining multiple original authentication services, the original authentication services may be separated to obtain core services.
Specifically, this embodiment may divide the original authentication services into micro-services based on the S++ theory. The S++ theory holds that abstracting a micro-service is a process of separating business from technology; its inference is that an abstracted service has space-time invariance, and the test is whether a service with space-time invariance can be obtained. According to the S++ theory, the core invariant element of a service is its behavior, while the participants, the technology and the presentation form can all change. Service division can therefore proceed by subtraction: the non-core behaviors are stripped away, and what remains is the service with space-time invariance.
When the original authentication service is separated to obtain the core service, the following behaviors can be stripped away, viewed from the perspective of business behavior:
1) First, query behaviors, which present the business state and are not the business itself;
2) Second, checking behaviors, which are technical safeguards for the business and are not the business itself;
3) Finally, management behaviors, which maintain the business participants and are not the business itself.
S303, decoupling the core service to obtain a micro-service component.
In this embodiment, after the core service is obtained, the core service may be further decoupled to obtain the micro-service components.
Specifically, referring to fig. 4, decoupling the core traffic may include:
1) The separation of pure technical elements, which are generally related to the implementation of the system, and the business itself is irrelevant, generally includes, but is not limited to: various serial numbers, operator related content, system and channel related information, various verification codes, session and token information, signature and encryption information, and the like.
2) The service participants are separated, and the participants are persons, organizations and objects participating in the service behavior, in particular, can be various participants for the service.
3) And separating the atomic behaviors, and separating the rest business behaviors into one or more atomic behaviors which are not separable. The business actions of the atoms such as identity authentication, log recording, service fusing, data statistics and the like are services with time-space invariance obtained by our governance method, and the actions cannot change in any essence in the foreseeable future.
S304, combining the micro-service components to obtain the authentication micro-service.
In this embodiment, after the micro-service components are obtained, they may be recombined to obtain multiple authentication micro-services. The authentication micro-services obtained after combination may include at least one of a password authentication micro-service, an electronic key (USBkey) authentication micro-service, a one-time password (OTP) authentication micro-service, a face authentication micro-service and a Fast Identity Online (FIDO) authentication micro-service.
S305, storing the authentication micro-service in an authentication service background.
In this embodiment, after the authentication micro-services are obtained, they may be stored in the authentication service background. Specifically, the unified security authentication platform may generate identification information for each authentication micro-service, and store the correspondence between the identification information and the authentication micro-service in the authentication service background. It will be appreciated that, as shown in fig. 5, the authentication service background is a pre-constructed platform that stores the authentication micro-services and exposes a uniform service interface externally.
The embodiment of the application has the following advantages:
1) Simplifying how the front-end business system calls authentication services: by uniformly managing the various security authentication services, a uniform interface (such as HTTP+JSON) provides authentication services to the front-end service system, which simplifies how consumers use the security authentication services;
2) Decoupling the authentication mode from the service system: the security authentication services previously implemented in each channel are moved to the unified security authentication platform, which decouples the authentication mode from the service system;
3) Making the authentication system easier to maintain later: the externally exposed interface of each authentication system is simplified, which facilitates later maintenance, secondary development, joint debugging and testing, and other work;
4) More reasonable micro-service division: although the divided micro-services fall into several authentication categories, the finer-grained micro-services within each authentication category have space-time invariance and do not become disordered.
In the embodiment of the application, an authentication service background integrating various authentication micro-services can be constructed in advance. During authentication, the unified security authentication platform receives the authentication request sent by the client and then, according to the authentication request, calls the corresponding authentication micro-service from the authentication service background to perform authentication. The front-end transaction system and the authentication mode are thus loosely coupled, and the front-end business system can concentrate on developing and implementing business logic.
Referring to fig. 6, the embodiment of the application further provides a security authentication system applied to a unified security authentication platform, including:
a receiving unit 601, configured to receive an authentication request sent by a client, where the authentication request includes authentication information of a user;
a determining unit 602, configured to determine identification information of a target authentication micro-service according to the authentication request;
a calling unit 603, configured to call the target authentication micro-service from the authentication service background according to the identification information;
an authentication unit 604, configured to authenticate the authentication information of the user according to the target authentication micro-service, so as to obtain an authentication result;
and a sending unit 605, configured to send the authentication result to the client.
Optionally, the calling unit 603 is specifically configured to:
send the identification information to the authentication service background, so that the authentication service background can query the target authentication micro-service according to the identification information;
and establish a connection with the target authentication micro-service through the authentication service background.
Optionally, the system further comprises:
an acquisition unit, configured to acquire a plurality of original authentication services;
a separation unit, configured to separate the original authentication service to obtain a core service;
a decoupling unit, configured to decouple the core service to obtain micro-service components;
a combination unit, configured to combine the micro-service components to obtain an authentication micro-service;
and a storage unit, configured to store the authentication micro-service in an authentication service background.
Optionally, the authentication micro-services include at least one of a password authentication micro-service, an electronic key (USBkey) authentication micro-service, a one-time password (OTP) authentication micro-service, a face authentication micro-service, and a Fast Identity Online (FIDO) authentication micro-service.
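The request flow handled by units 601 to 605, sketched as an added example that is not part of the patent text. The mapping from a request's `method` field to identification information, the JSON field names, the constructed user store and all class and function names are assumptions made for illustration.

```python
import hashlib, hmac, json, secrets, struct, time

SALT = b"constructed-salt"  # constructed sample data, not from the patent
USERS = {"alice": {"pw": hashlib.pbkdf2_hmac("sha256", b"correct horse", SALT, 100_000),
                   "otp_secret": b"12345678901234567890"}}

def totp(secret, now, step=30, digits=6):
    """RFC 6238 time-based one-time password (HMAC-SHA1)."""
    mac = hmac.new(secret, struct.pack(">Q", int(now) // step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    num = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return f"{num % 10 ** digits:0{digits}d}"

def password_service(user, info, now):
    rec = USERS.get(user)
    cand = hashlib.pbkdf2_hmac("sha256", str(info.get("password", "")).encode(), SALT, 100_000)
    # Hash and compare even for unknown users so timing does not reveal which accounts exist.
    same = hmac.compare_digest(cand, rec["pw"] if rec else bytes(32))
    return same and rec is not None

def otp_service(user, info, now):
    rec = USERS.get(user)
    if rec is None:
        return False
    code = str(info.get("code", "")).encode()  # current and previous time step are accepted
    return any(hmac.compare_digest(code, totp(rec["otp_secret"], max(now - d, 0)).encode())
               for d in (0, 30))

class AuthBackground:
    """Authentication service background: identification information -> micro-service."""
    def __init__(self):
        self._services = {}

    def register(self, service):
        ident = "svc-" + secrets.token_hex(4)  # identification information, one per service
        self._services[ident] = service
        return ident

    def lookup(self, ident):
        return self._services.get(ident)

class UnifiedAuthPlatform:
    def __init__(self, background, method_ids):
        self.background, self.method_ids = background, method_ids

    def handle(self, raw, now=None):
        """Receive -> determine identification info -> call -> authenticate -> send result."""
        now = time.time() if now is None else now
        try:
            req = json.loads(raw)
            ident = self.method_ids[req["method"]]  # allow-list: clients never name a service
            user, info = req["user"], req["auth_info"]
            if not (isinstance(user, str) and isinstance(info, dict)):
                raise TypeError("bad field types")
        except (ValueError, KeyError, TypeError):
            return json.dumps({"result": "rejected"})  # fail closed on malformed/unknown input
        service = self.background.lookup(ident)
        ok = service is not None and service(user, info, now) is True
        return json.dumps({"result": "success" if ok else "failure"})

def build_platform():
    bg = AuthBackground()
    return UnifiedAuthPlatform(bg, {"password": bg.register(password_service),
                                    "otp": bg.register(otp_service)})
```

Because the platform resolves the identification information itself, a request that names an unregistered method is rejected before any micro-service is reached, and every outcome uses the same JSON response shape.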
The embodiment of the application also provides a computer device, comprising: a memory, a transceiver, a processor, and a bus system;
wherein the memory is used for storing programs;
the processor is used for executing the program in the memory to implement the security authentication method;
the bus system is used for connecting the memory and the processor so that the memory and the processor can communicate.
The embodiments of the present application also provide a computer readable storage medium storing instructions that, when executed on a computer, cause the computer to perform a security authentication method as described above.
Finally, it is further noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (6)

1. A security authentication method, characterized in that it is applied to a unified security authentication platform and comprises the following steps:
acquiring a plurality of original authentication services;
separating the original authentication service to obtain a core service;
decoupling the core service to obtain a micro-service component;
combining the micro-service components to obtain an authentication micro-service, wherein the authentication micro-service comprises at least one of a password authentication micro-service, a USBkey authentication micro-service, a one-time password (OTP) authentication micro-service, a face authentication micro-service and a Fast Identity Online (FIDO) authentication micro-service;
storing the authentication micro-service in an authentication service background;
receiving an authentication request sent by a client, wherein the authentication request comprises authentication information of a user;
determining identification information of a target authentication micro-service according to the authentication request;
invoking the target authentication micro-service from the authentication service background according to the identification information;
authenticating the authentication information of the user according to the target authentication micro-service to obtain an authentication result;
and sending the authentication result to the client.
2. The method of claim 1, wherein invoking the target authentication micro-service from the authentication service background according to the identification information comprises:
sending the identification information to the authentication service background, so that the authentication service background can query the target authentication micro-service according to the identification information;
and establishing a connection with the target authentication micro-service through the authentication service background.
3. A security authentication system, for use with a unified security authentication platform, comprising:
an acquisition unit, configured to acquire a plurality of original authentication services;
a separation unit, configured to separate the original authentication service to obtain a core service;
a decoupling unit, configured to decouple the core service to obtain a micro-service component;
a combination unit, configured to combine the micro-service components to obtain an authentication micro-service, wherein the authentication micro-service comprises at least one of a password authentication micro-service, an electronic key (USBkey) authentication micro-service, a one-time password (OTP) authentication micro-service, a face authentication micro-service and a Fast Identity Online (FIDO) authentication micro-service;
a storage unit, configured to store the authentication micro-service in an authentication service background;
a receiving unit, configured to receive an authentication request sent by a client, wherein the authentication request comprises authentication information of a user;
a determining unit, configured to determine identification information of a target authentication micro-service according to the authentication request;
a calling unit, configured to call the target authentication micro-service from the authentication service background according to the identification information;
an authentication unit, configured to authenticate the authentication information of the user according to the target authentication micro-service to obtain an authentication result;
and a sending unit, configured to send the authentication result to the client.
4. A system according to claim 3, wherein the calling unit is specifically configured to:
send the identification information to the authentication service background, so that the authentication service background can query the target authentication micro-service according to the identification information;
and establish a connection with the target authentication micro-service through the authentication service background.
5. A computer device, comprising: memory, transceiver, processor, and bus system;
wherein the memory is used for storing programs;
the processor being configured to execute a program in the memory to implement the method of any one of claims 1 to 2;
the bus system is used for connecting the memory and the processor so as to enable the memory and the processor to communicate.
6. A computer readable storage medium storing instructions which, when run on a computer, cause the computer to perform the method of any one of claims 1 to 2.
CN202210590992.2A 2022-05-27 2022-05-27 Security authentication method, system, equipment and readable storage medium Active CN114826771B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210590992.2A CN114826771B (en) 2022-05-27 2022-05-27 Security authentication method, system, equipment and readable storage medium


Publications (2)

Publication Number Publication Date
CN114826771A CN114826771A (en) 2022-07-29
CN114826771B CN114826771B (en) 2024-08-06

Family

ID=82519420
