CN114978675A - Access authentication method and device, electronic equipment and storage medium - Google Patents

Access authentication method and device, electronic equipment and storage medium Download PDF

Info

Publication number
CN114978675A
CN114978675A CN202210549051.4A CN202210549051A CN114978675A CN 114978675 A CN114978675 A CN 114978675A CN 202210549051 A CN202210549051 A CN 202210549051A CN 114978675 A CN114978675 A CN 114978675A
Authority
CN
China
Prior art keywords
client
authentication
instruction
authorization
token
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210549051.4A
Other languages
Chinese (zh)
Other versions
CN114978675B (en
Inventor
李林
房宝祥
丁武
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Liaoning Huadun Safety Technology Co ltd
Original Assignee
Liaoning Huadun Safety Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Liaoning Huadun Safety Technology Co ltd filed Critical Liaoning Huadun Safety Technology Co ltd
Priority to CN202210549051.4A priority Critical patent/CN114978675B/en
Publication of CN114978675A publication Critical patent/CN114978675A/en
Application granted granted Critical
Publication of CN114978675B publication Critical patent/CN114978675B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to the technical field of data security, and discloses an access authentication method, an access authentication device, electronic equipment and a medium, wherein the method comprises the following steps: starting a client according to a client starting instruction input by a user, receiving an authentication instruction returned by the client, applying authorization to the user according to the authentication instruction to obtain an authorization instruction, applying to a pre-constructed authentication server by using the authorization instruction to obtain a token, applying to a pre-constructed resource server by using the token to access resources, and extracting the access resources from the resource server to the client when receiving a passing message that the resource server authenticates that the token passes. The invention can solve the problems of low data access safety or complicated access authentication and excessive consumption of manpower and material resources.

Description

Access authentication method and device, electronic equipment and storage medium
Technical Field
The present invention relates to the field of data security technologies, and in particular, to an access authentication method and apparatus, an electronic device, and a computer-readable storage medium.
Background
With the development of information technology, data access forms become more diversified, and how to improve access security in diversified data access is an urgent problem to be solved.
At present, security measures for data access are mainly completed based on user login information or a block chain, but a security verification method based on the user login information is low in security and easy to steal information, and although the security is high, access authentication is too complicated, and resources such as too much manpower and material resources are consumed.
Disclosure of Invention
The invention provides an access authentication method, an access authentication device, electronic equipment and a computer readable storage medium, and mainly aims to solve the problems of low data access security or complex access authentication and excessive consumption of manpower and material resources.
In order to achieve the above object, an access authentication method provided by the present invention includes:
starting a client according to a client starting instruction input by a user, and receiving an authentication instruction returned by the client;
applying for authorization to the user according to the authentication instruction to obtain an authorization instruction;
applying for a token from a pre-constructed authentication server by using the authorization instruction;
and applying for accessing resources to a pre-constructed resource server by using the token, and extracting the access resources from the resource server to the client when a passing message that the resource server authenticates that the token passes is received.
Optionally, the applying for authorization to the user according to the authentication instruction to obtain an authorization instruction includes:
connecting the authentication server by using the client;
when the authentication server is successfully connected, generating whether to authorize a query message in the authentication server and sending the query message to the user;
when the user inputs forbidding authorization, the access authentication fails, and the client is started again according to a client starting instruction input by the user;
generating the authorization instruction with the authentication server when a user input allows authorization.
Optionally, the applying for authorization to the user according to the authentication instruction to obtain an authorization instruction further includes:
executing program registration operation in the authentication server according to the program information of the client;
judging whether the program registration operation is successful, if the program registration operation is failed, checking the correctness of the program information of the client, and re-acquiring the program information corrected by the client;
and if the program registration operation is successful, generating the directional URL of the client in the authentication server.
Optionally, the applying for the token from the pre-constructed authentication server by using the authorization instruction includes:
accessing the authentication server using the authorization instruction;
extracting the directional URL and generating an authorization code at the authentication server;
sending the authorization code to the client according to the directional URL, and when the client receives the authorization code, returning the authorization code to the authentication server;
generating the token for the client when the authentication server receives the authorization code.
Optionally, the applying for the token from the pre-constructed authentication server by using the authorization instruction may further include:
accessing the authentication server by using the authorization instruction, extracting the directional URL at the authentication server, and adding the token in the directional URL;
generating a token test instruction by using the client, and accessing the resource server according to the token test instruction;
when the resource server responds to the token test instruction, embedding the directional URL added with the token into a pre-constructed test webpage, and returning the test webpage including the token to the client;
and extracting the token from the test webpage by using the client.
Optionally, the receiving the authentication instruction returned by the client includes:
starting the user login information window according to the client starting instruction;
receiving user login information input by a user in the user login information window;
packaging the user login information into information to be authenticated, and transmitting the information to be authenticated to the client;
and when the client side passes the authentication of the information to be authenticated, generating an authentication instruction and transmitting the authentication instruction back to the user.
Optionally, the executing, according to the program information of the client, a program registration operation in the authentication server includes:
receiving a client plug-in corresponding to the client, and extracting client registration information from the client plug-in;
checking the integrity of the client registration information until the client registration information is complete, and converting the client registration information into a JSON format character array;
and sending data to the authentication server to execute program registration operation based on an HTTP protocol.
In order to solve the above problem, the present invention also provides an access authentication apparatus, comprising:
the authentication instruction feedback module is used for starting the client according to a client starting instruction input by a user and receiving an authentication instruction returned by the client;
the authorization instruction generating module is used for applying authorization to the user according to the authentication instruction to obtain an authorization instruction;
the token application module is used for applying for a pre-constructed authentication server by using the authorization instruction to obtain a token;
and the resource acquisition module is used for applying for accessing resources to a pre-constructed resource server by using the token, and extracting the access resources from the resource server to the client when receiving a passing message that the resource server authenticates that the token passes.
In order to solve the above problem, the present invention also provides an electronic device, including:
at least one processor; and the number of the first and second groups,
a memory communicatively coupled to the at least one processor; wherein the content of the first and second substances,
the memory stores a computer program executable by the at least one processor, the computer program being executable by the at least one processor to implement the access authentication method described above.
In order to solve the above problem, the present invention also provides a computer-readable storage medium having at least one computer program stored therein, the at least one computer program being executed by a processor in an electronic device to implement the access authentication method described above.
Compared with the background art: for finishing authentication access based on user login information or a block chain, the embodiment of the invention starts a client according to a client starting instruction input by a user, receives an authentication instruction returned by the client, can judge whether the client normally works or not through the authentication instruction returned by the client, then applies for authorization to the user according to the authentication instruction to obtain an authorization instruction, and applies for a pre-constructed authentication server to obtain a token through the authorization instruction of the user, and the embodiment of the invention does not directly execute access authentication by using the user login information, but applies for a token from a third party through the authorization instruction of the user, wherein the third party is the authentication server, finally applies for access resources to the pre-constructed resource server by using the token, and when a passing message that the token passes the authentication of the resource server is received, compared with the access authentication based on the block chain, the embodiment of the invention weakens the common authentication of all nodes and reduces the resource consumption. Therefore, the access authentication method, the access authentication device, the electronic equipment and the computer readable storage medium provided by the invention can solve the problems of low data access security or complicated access authentication and excessive consumption of manpower and material resources.
Drawings
Fig. 1 is a schematic flowchart of an access authentication method according to an embodiment of the present invention;
fig. 2 is a schematic flowchart of S2 in the access authentication method according to an embodiment of the present invention;
fig. 3 is a schematic flowchart of S3 in the access authentication method according to an embodiment of the present invention;
fig. 4 is a block diagram of an access authentication apparatus according to an embodiment of the present invention;
fig. 5 is a schematic internal structural diagram of an electronic device implementing an access authentication method according to an embodiment of the present invention;
the implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The embodiment of the application provides an access authentication method. The execution subject of the access authentication method includes, but is not limited to, at least one of electronic devices such as a server and a terminal that can be configured to execute the method provided by the embodiments of the present application. In other words, the access authentication method may be performed by software or hardware installed in the terminal device or the server device, and the software may be a blockchain platform. The server includes but is not limited to: the cloud server can be an independent server, or can be a cloud server providing basic cloud computing services such as cloud service, a cloud database, cloud computing, a cloud function, cloud storage, Network service, cloud communication, middleware service, domain name service, security service, a Content Delivery Network (CDN), a big data and artificial intelligence platform, and the like.
Fig. 1 is a schematic flowchart of an access authentication method according to an embodiment of the present invention. In an embodiment of the present invention, the access authentication method includes:
and S1, starting the client according to the client starting instruction input by the user, and receiving the authentication instruction returned by the client.
In the embodiment of the present invention, the client start instruction is a start request obtained by a user by triggering a client, for example, if the user is a program developer and wants to open a program editor locally first, the program editor is the client, and a start instruction automatically triggered by the user opening the program editor is the client start instruction.
Further, after the client start instruction is generated, to improve security, an authentication operation needs to be performed on the user, and in detail, the receiving the authentication instruction returned by the client includes:
starting the user login information window according to the client starting instruction;
receiving user login information input by a user in the user login information window;
packaging the user login information into information to be authenticated, and transmitting the information to be authenticated to the client;
and when the client side passes the authentication of the information to be authenticated, generating an authentication instruction and transmitting the authentication instruction back to the user.
Illustratively, as mentioned above, the program developer inputs user login information in the program editor, where the user login information includes a login name and a login password, and the program editor verifies whether the login name and the login password are consistent with those previously stored in the database, and if so, automatically triggers an authentication program pre-built in the program editor to generate an authentication instruction.
S2, applying for authorization to the user according to the authentication instruction to obtain an authorization instruction.
In detail, referring to fig. 2, the applying for authorization from the authentication instruction to the user to obtain an authorization instruction includes:
s21, connecting the authentication server by the client;
s22, when the connection with the authentication server is successful, generating whether to authorize a query message in the authentication server and sending the query message to the user;
s23, when the user inputs forbidding authorization, the access authentication fails, and the client is started again according to the client starting instruction input by the user;
and S24, when the user inputs permission to authorize, generating the authorization instruction by the authentication server.
It should be emphasized that, for a networked client to perform access authentication by using the internet, first, registration is performed in a service provider where the client is located, where a registration server provided by the service provider is the authentication server. Therefore, the applying for authorization to the user according to the authentication instruction to obtain an authorization instruction further includes:
executing program registration operation in the authentication server according to the program information of the client;
judging whether the program registration operation is successful, if the program registration operation is failed, checking the correctness of the program information of the client, and re-acquiring the program information corrected by the client;
and if the program registration operation is successful, generating the directional URL of the client in the authentication server.
Further, the executing, according to the program information of the client, a program registration operation in the authentication server includes:
receiving a client plug-in corresponding to the client, and extracting client registration information from the client plug-in;
checking the integrity of the client registration information until the client registration information is complete, and converting the client registration information into a JSON format character array;
and sending data to the authentication server to execute program registration operation based on an HTTP protocol.
It should be explained that the client plug-in typically pre-packages the visual installer package, including client registration information, with the package for developers. It should be emphasized that the specific content of the registration information of different clients is different, and may include a network access license number, a client port number, a client product device number, and the like.
Further, for effective propagation of the client registration information, the client registration information needs to be converted into a JSON format character array, the JSON format character array is transmitted to the authentication server by using an HTTP protocol, and after the authentication server receives the JSON format character array, the storage preparation is executed in an internal database, so that the program registration operation is completed.
In addition, after the program registration operation is successful, a registration success identifier, namely the directional URL of the client side, is generated, and the directional URL also has the function of accessing the client side.
And S3, applying for a token from a pre-constructed authentication server by using the authorization instruction.
In detail, referring to fig. 3, the applying for obtaining a token from a pre-built authentication server by using the authorization instruction includes:
s31, accessing the authentication server by using the authorization instruction;
s32, extracting the directional URL at the authentication server and generating an authorization code;
s33, sending the authorization code to the client according to the directional URL, and when the client receives the authorization code, returning the authorization code to the authentication server;
s34, when the authentication server receives the authorization code, generating the token for the client.
According to the foregoing, after the program registration operation is successful, a registration success identifier, that is, the directional URL of the client is generated, so that it is necessary to extract the directional URL and the authorization code for issuing the token from the authentication server, and in addition, since the directional URL also has an effect of accessing the client, the authorization code is sent to the client by using the directional URL, and the token is generated for the client by using the authentication server until a response according to the authorization code is obtained from the client.
In another embodiment of the present invention, the applying for obtaining the token from the pre-built authentication server by using the authorization instruction includes:
accessing the authentication server by using the authorization instruction, extracting the directional URL at the authentication server, and adding the token in the directional URL;
generating a token test instruction by using the client, and accessing a pre-constructed resource server according to the token test instruction;
when the resource server responds to the token test instruction, embedding the directional URL added with the token into a pre-constructed test webpage, and returning the test webpage including the token to the client;
and extracting the token from the test webpage by using the client.
It should be explained that, in another embodiment of the present invention, when executing a token request, in order to improve subsequent authentication efficiency, it is further tested whether a resource server will respond to the token test instruction, and when the resource server responds to the token test instruction, a test web page including a token is constructed and pushed to a client, so as to complete a token application.
S4, applying for access resources from the pre-constructed resource server by using the token, and extracting the access resources from the resource server to the client when receiving a passing message that the resource server authenticates that the token passes.
It should be understood that, since the token is equivalent to an access pass between different servers, after the client takes the token issued by the authentication server, the client can directly apply for accessing the resource from the resource server bound with the authentication server.
For example, after the program developer opens the program editor, it is desirable to extract the codes written by other developers from the resource server, and after completing operations such as token application and authentication, the codes written by other developers can be directly extracted from the resource server and sent to the program editor.
Compared with the background art: for finishing authentication access based on user login information or a block chain, the embodiment of the invention starts a client according to a client starting instruction input by a user, receives an authentication instruction returned by the client, can judge whether the client normally works or not through the authentication instruction returned by the client, then applies for authorization to the user according to the authentication instruction to obtain an authorization instruction, and applies for a pre-constructed authentication server to obtain a token through the authorization instruction of the user, and the embodiment of the invention does not directly execute access authentication by using the user login information, but applies for a token from a third party through the authorization instruction of the user, wherein the third party is the authentication server, finally applies for access resources to the pre-constructed resource server by using the token, and when a passing message that the token passes the authentication of the resource server is received, compared with the access authentication based on the block chain, the embodiment of the invention weakens the common authentication of all nodes and reduces the resource consumption. Therefore, the access authentication method, the access authentication device, the electronic equipment and the computer readable storage medium provided by the invention can solve the problems of low data access security or complicated access authentication and excessive consumption of manpower and material resources.
Fig. 4 is a functional block diagram of the access authentication device according to the present invention.
The access authentication apparatus 100 according to the present invention may be installed in an electronic device. According to the implemented functions, the access authentication device may include an authentication instruction returning module 101, an authorization instruction generating module 102, a token applying module 103, and a resource obtaining module 104. A module according to the present invention, which may also be referred to as a unit, refers to a series of computer program segments that can be executed by a processor of an electronic device and that can perform a fixed function, and that are stored in a memory of the electronic device.
In the present embodiment, the functions regarding the respective modules/units are as follows:
the authentication instruction returning module 101 is configured to start a client according to a client start instruction input by a user, and receive an authentication instruction returned by the client;
the authorization instruction generating module 102 is configured to apply for authorization to the user according to the authentication instruction to obtain an authorization instruction;
the token application module 103 is configured to apply for a token from a pre-constructed authentication server by using the authorization instruction;
the resource obtaining module 104 is configured to apply for an access resource to a pre-built resource server by using the token, and extract the access resource from the resource server to the client when a passing message that the resource server authenticates that the token passes is received.
In detail, when the modules in the access authentication apparatus 100 in the embodiment of the present invention are used, the same technical means as the access authentication method described in fig. 1 above are used, and the same technical effects can be produced, which is not described herein again.
Fig. 5 is a schematic structural diagram of an electronic device 1 implementing the access authentication method according to the present invention.
The electronic device 1 may include a processor 10, a memory 11, a communication bus 12, and a communication interface 13, and may further include a computer program, such as an access authentication method program, stored in the memory 11 and executable on the processor 10.
In some embodiments, the processor 10 may be composed of an integrated circuit, for example, a single packaged integrated circuit, or may be composed of a plurality of integrated circuits packaged with the same function or different functions, and includes one or more Central Processing Units (CPUs), a microprocessor, a digital Processing chip, a graphics processor, a combination of various control chips, and the like. The processor 10 is a Control Unit (Control Unit) of the electronic device 1, connects various components of the whole electronic device 1 by using various interfaces and lines, and executes various functions of the electronic device 1 and processes data by running or executing programs or modules (for example, executing an access authentication method program, etc.) stored in the memory 11 and calling data stored in the memory 11.
The memory 11 includes at least one type of readable storage medium including flash memory, removable hard disks, multimedia cards, card-type memory (e.g., SD or DX memory, etc.), magnetic memory, magnetic disks, optical disks, etc. The memory 11 may in some embodiments be an internal storage unit of the electronic device 1, such as a removable hard disk of the electronic device 1. The memory 11 may also be an external storage device of the electronic device 1 in other embodiments, such as a plug-in mobile hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like, which are provided on the electronic device 1. Further, the memory 11 may also include both an internal storage unit and an external storage device of the electronic device 1. The memory 11 may be used not only to store application software installed in the electronic device 1 and various types of data, such as codes of access authentication method programs, etc., but also to temporarily store data that has been output or is to be output.
The communication bus 12 may be a Peripheral Component Interconnect (PCI) bus or an Extended Industry Standard Architecture (EISA) bus. The bus may be divided into an address bus, a data bus, a control bus, etc. The bus is arranged to enable connection communication between the memory 11 and at least one processor 10 or the like.
The communication interface 13 is used for communication between the electronic device 1 and other devices, and includes a network interface and a user interface. Optionally, the network interface may include a wired interface and/or a wireless interface (e.g., WI-FI interface, bluetooth interface, etc.), which are generally used for establishing a communication connection between the electronic device 1 and other electronic devices 1. The user interface may be a Display (Display), an input unit such as a Keyboard (Keyboard), and optionally a standard wired interface, a wireless interface. Alternatively, in some embodiments, the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch device, or the like. The display, which may also be referred to as a display screen or display unit, is suitable for displaying information processed in the electronic device 1 and for displaying a visualized user interface, among other things.
Fig. 5 shows only the electronic device 1 with components, and it will be understood by those skilled in the art that the structure shown in fig. 5 does not constitute a limitation of the electronic device 1, and may comprise fewer or more components than those shown, or some components may be combined, or a different arrangement of components.
For example, although not shown, the electronic device 1 may further include a power supply (such as a battery) for supplying power to each component, and preferably, the power supply may be logically connected to the at least one processor 10 through a power management device, so as to implement functions of charge management, discharge management, power consumption management, and the like through the power management device. The power supply may also include any component of one or more dc or ac power sources, recharging devices, power failure detection circuitry, power converters or inverters, power status indicators, and the like. The electronic device 1 may further include various sensors, a bluetooth module, a Wi-Fi module, and the like, which are not described herein again.
It is to be understood that the described embodiments are for purposes of illustration only and that the scope of the appended claims is not limited to such structures.
The access authentication method program stored in the memory 11 of the electronic device 1 is a combination of a plurality of computer programs, and when running in the processor 10, can realize:
starting a client according to a client starting instruction input by a user, and receiving an authentication instruction returned by the client;
applying for authorization to the user according to the authentication instruction to obtain an authorization instruction;
applying for a token to a pre-constructed authentication server by using the authorization instruction;
and applying for accessing resources to a pre-constructed resource server by using the token, and extracting the access resources from the resource server to the client when a passing message that the resource server authenticates that the token passes is received.
Specifically, the processor 10 may refer to the description of the relevant steps in the embodiment corresponding to fig. 1 for a specific implementation method of the computer program, which is not described herein again.
Further, the integrated modules/units of the electronic device 1, if implemented in the form of software functional units and sold or used as separate products, may be stored in a non-volatile computer-readable storage medium. The computer readable storage medium may be volatile or non-volatile. For example, the computer-readable medium may include: any entity or device capable of carrying said computer program code, recording medium, U-disk, removable hard disk, magnetic disk, optical disk, computer Memory, Read-Only Memory (ROM).
The present invention also provides a computer-readable storage medium, storing a computer program which, when executed by a processor of an electronic device 1, may implement:
starting a client according to a client starting instruction input by a user, and receiving an authentication instruction returned by the client;
applying for authorization to the user according to the authentication instruction to obtain an authorization instruction;
applying for a token from a pre-constructed authentication server by using the authorization instruction;
and applying for accessing resources to a pre-constructed resource server by using the token, and extracting the access resources from the resource server to the client when a passing message that the resource server authenticates that the token passes is received.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus, device and method can be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the modules is only one logical functional division, and other divisions may be realized in practice.
The modules described as separate parts may or may not be physically separate, and parts displayed as modules may or may not be physical units, may be located in one position, or may be distributed on multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment.
In addition, functional modules in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional module.
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential attributes thereof.
The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference signs in the claims shall not be construed as limiting the claim concerned.
The embodiment of the application can acquire and process related data based on an artificial intelligence technology. Among them, Artificial Intelligence (AI) is a theory, method, technique and application system that simulates, extends and expands human Intelligence using a digital computer or a machine controlled by a digital computer, senses the environment, acquires knowledge and uses the knowledge to obtain the best result.
Furthermore, it is obvious that the word "comprising" does not exclude other elements or steps, and the singular does not exclude the plural. A plurality of units or means recited in the system claims may also be implemented by one unit or means in software or hardware. The terms second, etc. are used to denote names, but not any particular order.
Finally, it should be noted that the above embodiments are only for illustrating the technical solutions of the present invention and not for limiting, and although the present invention is described in detail with reference to the preferred embodiments, it should be understood by those skilled in the art that modifications or equivalent substitutions may be made on the technical solutions of the present invention without departing from the spirit and scope of the technical solutions of the present invention.

Claims (10)

1. An access authentication method, the method comprising:
starting a client according to a client starting instruction input by a user, and receiving an authentication instruction returned by the client;
applying for authorization to the user according to the authentication instruction to obtain an authorization instruction;
applying for a token from a pre-constructed authentication server by using the authorization instruction;
and applying for accessing resources to a pre-constructed resource server by using the token, and extracting the access resources from the resource server to the client when a passing message that the resource server authenticates that the token passes is received.
2. The access authentication method of claim 1, wherein the applying for authorization to the user according to the authentication instruction to obtain an authorization instruction comprises:
connecting the authentication server by using the client;
when the authentication server is successfully connected, generating whether to authorize a query message in the authentication server and sending the query message to the user;
when the user inputs forbidding authorization, the access authentication fails, and the client is started again according to a client starting instruction input by the user;
generating the authorization instruction with the authentication server when a user input allows authorization.
3. The access authentication method of claim 2, wherein the applying for authorization to the user according to the authentication command further comprises, before obtaining the authorization command:
executing program registration operation in the authentication server according to the program information of the client;
judging whether the program registration operation is successful, if the program registration operation is failed, checking the correctness of the program information of the client, and re-acquiring the program information corrected by the client;
and if the program registration operation is successful, generating the directional URL of the client in the authentication server.
4. The access authentication method of claim 3, wherein said applying for a token from a pre-built authentication server using said authorization instructions comprises:
accessing the authentication server using the authorization instruction;
extracting the directional URL and generating an authorization code at the authentication server;
sending the authorization code to the client according to the directional URL, and when the client receives the authorization code, returning the authorization code to the authentication server;
generating the token for the client when the authentication server receives the authorization code.
5. The access authentication method of claim 4, wherein applying for a token from a pre-built authentication server using the authorization instruction further comprises:
accessing the authentication server by using the authorization instruction, extracting the directional URL from the authentication server, and adding the token into the directional URL;
generating a token test instruction by using the client, and accessing the resource server according to the token test instruction;
when the resource server responds to the token test instruction, embedding the directional URL added with the token into a pre-constructed test webpage, and returning the test webpage including the token to the client;
and extracting the token from the test webpage by using the client.
6. The access authentication method as claimed in claim 1, wherein said receiving the authentication command returned by the client comprises:
starting the user login information window according to the client starting instruction;
receiving user login information input by a user in the user login information window;
packaging the user login information into information to be authenticated, and transmitting the information to be authenticated to the client;
and when the client side passes the authentication of the information to be authenticated, generating an authentication instruction and transmitting the authentication instruction back to the user.
7. The access authentication method according to claim 3, wherein the performing, in the authentication server, a program registration operation based on the program information of the client includes:
receiving a client plug-in corresponding to the client, and extracting client registration information from the client plug-in;
checking the integrity of the client registration information until the client registration information is complete, and converting the client registration information into a JSON format character array;
and sending data to the authentication server to execute program registration operation based on an HTTP protocol.
8. An access authentication apparatus, characterized in that the apparatus comprises:
the authentication instruction feedback module is used for starting the client according to a client starting instruction input by a user and receiving an authentication instruction returned by the client;
the authorization instruction generating module is used for applying authorization to the user according to the authentication instruction to obtain an authorization instruction;
the token application module is used for applying for a pre-constructed authentication server by using the authorization instruction to obtain a token;
and the resource acquisition module is used for applying for accessing resources to a pre-constructed resource server by using the token, and extracting the access resources from the resource server to the client when receiving a passing message that the resource server authenticates that the token passes.
9. An electronic device, characterized in that the electronic device comprises:
at least one processor; and the number of the first and second groups,
a memory communicatively coupled to the at least one processor; wherein the content of the first and second substances,
the memory stores a computer program executable by the at least one processor to enable the at least one processor to perform the access authentication method of any one of claims 1 to 7.
10. A computer-readable storage medium storing a computer program, wherein the computer program, when executed by a processor, implements the access authentication method according to any one of claims 1 to 7.
CN202210549051.4A 2022-05-20 2022-05-20 Access authentication method and device, electronic equipment and storage medium Active CN114978675B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210549051.4A CN114978675B (en) 2022-05-20 2022-05-20 Access authentication method and device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210549051.4A CN114978675B (en) 2022-05-20 2022-05-20 Access authentication method and device, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN114978675A true CN114978675A (en) 2022-08-30
CN114978675B CN114978675B (en) 2023-06-20

Family

ID=82984580

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210549051.4A Active CN114978675B (en) 2022-05-20 2022-05-20 Access authentication method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN114978675B (en)

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140282919A1 (en) * 2011-09-30 2014-09-18 British Telecommunications Public Limited Company Controlled access
US20170324719A1 (en) * 2016-05-08 2017-11-09 Sap Se User authentication framework
CN107528858A (en) * 2017-09-29 2017-12-29 广州视睿电子科技有限公司 Login method, device, equipment and storage medium based on webpage
US20180351958A1 (en) * 2017-05-30 2018-12-06 Canon Kabushiki Kaisha System, method for the system, and storage medium for the method
JP2020042691A (en) * 2018-09-13 2020-03-19 株式会社東芝 Information processor, resource providing device, information processing method, information processing program, resource providing method, resource providing program
CN111131242A (en) * 2019-12-24 2020-05-08 北京格林威尔科技发展有限公司 Authority control method, device and system
JP2020119036A (en) * 2019-01-18 2020-08-06 キヤノン株式会社 Information processing device, test method of client application, and program
CN111770088A (en) * 2020-06-29 2020-10-13 南方电网科学研究院有限责任公司 Data authentication method, device, electronic equipment and computer readable storage medium
CN112822222A (en) * 2018-06-25 2021-05-18 创新先进技术有限公司 Login verification method, automatic login verification method, server side and client side
CN113645247A (en) * 2021-08-17 2021-11-12 武汉众邦银行股份有限公司 Authority authentication control method based on HTTP (hyper text transport protocol) and storage medium
CN114079569A (en) * 2020-07-31 2022-02-22 中移(苏州)软件技术有限公司 Open authorization method and device, equipment and storage medium

Patent Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140282919A1 (en) * 2011-09-30 2014-09-18 British Telecommunications Public Limited Company Controlled access
US20170324719A1 (en) * 2016-05-08 2017-11-09 Sap Se User authentication framework
US20180351958A1 (en) * 2017-05-30 2018-12-06 Canon Kabushiki Kaisha System, method for the system, and storage medium for the method
CN107528858A (en) * 2017-09-29 2017-12-29 广州视睿电子科技有限公司 Login method, device, equipment and storage medium based on webpage
CN112822222A (en) * 2018-06-25 2021-05-18 创新先进技术有限公司 Login verification method, automatic login verification method, server side and client side
JP2020042691A (en) * 2018-09-13 2020-03-19 株式会社東芝 Information processor, resource providing device, information processing method, information processing program, resource providing method, resource providing program
JP2020119036A (en) * 2019-01-18 2020-08-06 キヤノン株式会社 Information processing device, test method of client application, and program
CN111131242A (en) * 2019-12-24 2020-05-08 北京格林威尔科技发展有限公司 Authority control method, device and system
CN111770088A (en) * 2020-06-29 2020-10-13 南方电网科学研究院有限责任公司 Data authentication method, device, electronic equipment and computer readable storage medium
CN114079569A (en) * 2020-07-31 2022-02-22 中移(苏州)软件技术有限公司 Open authorization method and device, equipment and storage medium
CN113645247A (en) * 2021-08-17 2021-11-12 武汉众邦银行股份有限公司 Authority authentication control method based on HTTP (hyper text transport protocol) and storage medium

Also Published As

Publication number Publication date
CN114978675B (en) 2023-06-20

Similar Documents

Publication Publication Date Title
CN110602052B (en) Micro-service processing method and server
KR102080156B1 (en) Auto Recharge System, Method and Server
CN113238929B (en) Code testing method and device based on Mock data, electronic equipment and storage medium
CN111367821B (en) Software testing method and system
CN112528307A (en) Service request checking method and device, electronic equipment and storage medium
CN104580112A (en) Service authentication method and system, and server
CN112506779A (en) Software interface testing method and device, electronic equipment and storage medium
CN111209557A (en) Cross-domain single sign-on method and device, electronic equipment and storage medium
CN113704665A (en) Dynamic service publishing method, device, electronic equipment and storage medium
CN111651121A (en) Data logic calculation method and device, electronic equipment and storage medium
CN107203576A (en) Information synchronization method and device
CN113434254B (en) Client deployment method, client deployment apparatus, computer device, and storage medium
CN114827161A (en) Service calling request sending method and device, electronic equipment and readable storage medium
CN112463414B (en) Multi-client data interaction method and device, electronic equipment and storage medium
CN114006885A (en) Data acquisition method and device based on intelligent equipment and electronic equipment
CN112579452A (en) Software automation test method, device, equipment and storage medium
CN114978675B (en) Access authentication method and device, electronic equipment and storage medium
CN115021995A (en) Multi-channel login method, device, equipment and storage medium
CN114826725A (en) Data interaction method, device, equipment and storage medium
CN114143053A (en) Third-party service login method and device, terminal equipment and storage medium
CN112667244A (en) Data verification method and device, electronic equipment and computer readable storage medium
CN115001805B (en) Single sign-on method, device, equipment and storage medium
CN113626533B (en) Ultraviolet power detection method and device and electronic equipment
CN115242658B (en) Open system access method, device, computer equipment and storage medium
CN114707129A (en) H5 page login method and device, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant