CN114978675B - Access authentication method and device, electronic equipment and storage medium - Google Patents


Info

Publication number
CN114978675B
Authority
CN
China
Prior art keywords
client
instruction
authentication
authorization
token
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210549051.4A
Other languages
Chinese (zh)
Other versions
CN114978675A (en)
Inventor
李林
房宝祥
丁武
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Liaoning Huadun Safety Technology Co ltd
Original Assignee
Liaoning Huadun Safety Technology Co ltd
Application filed by Liaoning Huadun Safety Technology Co ltd
Priority to CN202210549051.4A
Publication of CN114978675A
Application granted
Publication of CN114978675B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to the technical field of data security and discloses an access authentication method, an access authentication device, electronic equipment and a medium. The access authentication method comprises: starting the client according to a client starting instruction input by a user, and receiving an authentication instruction returned by the client; applying for authorization from the user according to the authentication instruction to obtain an authorization instruction; applying to a pre-built authentication server for a token by using the authorization instruction; applying to the pre-built resource server for access to resources by using the token; and, on receiving a pass message indicating that the resource server has authenticated the token, extracting the accessed resources from the resource server to the client. The invention can solve the problems of low data access security, or of excessively complicated access authentication that consumes excessive manpower and material resources.

Description

Access authentication method and device, electronic equipment and storage medium
Technical Field
The present invention relates to the field of data security technologies, and in particular, to an access authentication method, an access authentication device, an electronic device, and a computer readable storage medium.
Background
With the development of information technology, data access forms become more diverse, and how to improve access security in diverse data access is an urgent problem to be solved.
At present, security measures for data access are mainly based on user login information or on a blockchain. Security verification based on user login information offers low security because the information is easily stolen; security verification built on a blockchain offers high security, but the access authentication is excessively complicated and consumes excessive resources such as manpower and material resources.
Disclosure of Invention
The invention provides an access authentication method, an access authentication device, electronic equipment and a computer readable storage medium, and mainly aims to solve the problems that data access security is low or access authentication is excessively complicated and excessive manpower and material resources are consumed.
In order to achieve the above object, the present invention provides an access authentication method, including:
starting a client according to a client starting instruction input by a user, and receiving an authentication instruction returned by the client;
applying authorization to the user according to the authentication instruction to obtain an authorization instruction;
applying for obtaining a token from a pre-constructed authentication server by utilizing the authorization instruction;
and applying for accessing resources from the pre-constructed resource server by using the token, and extracting the accessing resources from the resource server to the client when receiving a passing message for the resource server to authenticate the token.
Optionally, the applying authorization to the user according to the authentication instruction, and obtaining an authorization instruction includes:
connecting the authentication server by the client;
generating an authorization inquiry message in the authentication server and transmitting the authorization inquiry message to the user when the authentication server is successfully connected;
when the user inputs the forbidden authorization, the access authentication fails, and the client is started again according to the client starting instruction input by the user;
the authorization instructions are generated with the authentication server when a user inputs permission authorization.
Optionally, the applying authorization to the user according to the authentication instruction, and obtaining an authorization instruction further includes:
executing program registration operation in the authentication server according to the program information of the client;
judging whether the program registration operation is successful or not, if the program registration operation fails, checking the correctness of the program information of the client and re-acquiring the corrected program information of the client;
and if the program registration operation is successful, generating a directional URL of the client in the authentication server.
Optionally, the applying for obtaining the token from the pre-constructed authentication server by using the authorization instruction includes:
accessing the authentication server using the authorization instruction;
extracting the directional URL at the authentication server and generating an authorization code;
transmitting the authorization code to the client according to the directional URL, and transmitting the authorization code back to the authentication server when the client receives the authorization code;
and generating the token for the client when the authentication server receives the authorization code.
Optionally, the applying for obtaining the token from the pre-constructed authentication server by using the authorization instruction may further include:
accessing the authentication server by utilizing the authorization instruction, extracting the directional URL at the authentication server, and adding the token in the directional URL;
generating a token test instruction by using the client, and accessing the resource server according to the token test instruction;
when the resource server responds to the token test instruction, embedding a directional URL added with the token into a pre-built test webpage, and returning the test webpage comprising the token to the client;
and extracting the token from the test webpage by using the client.
Optionally, the receiving the authentication instruction returned by the client includes:
starting the user login information window according to the client starting instruction;
receiving user login information input by a user in the user login information window;
packaging the user login information into information to be authenticated, and transmitting the information to be authenticated to the client;
and when the client side authenticates the information to be authenticated, generating an authentication instruction and transmitting the authentication instruction back to the user.
Optionally, the performing a program registration operation in the authentication server according to the program information of the client includes:
receiving a client plug-in corresponding to the client, and extracting client registration information from the client plug-in;
checking the integrity of the client registration information until the client registration information is complete, and converting the client registration information into a JSON format character array;
based on the HTTP protocol, data is sent to the authentication server to perform a program registration operation.
In order to solve the above-mentioned problems, the present invention also provides an access authentication apparatus, the apparatus comprising:
the authentication instruction returning module is used for starting the client according to the client starting instruction input by the user and receiving the authentication instruction returned by the client;
the authorization instruction generation module is used for applying authorization to the user according to the authentication instruction to obtain an authorization instruction;
the token application module is used for applying for obtaining a token from a pre-constructed authentication server by utilizing the authorization instruction;
and the resource acquisition module is used for applying access resources to a pre-constructed resource server by using the token, and extracting the access resources from the resource server to the client when receiving a passing message for the resource server to authenticate the token.
In order to solve the above-mentioned problems, the present invention also provides an electronic apparatus including:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores a computer program executable by the at least one processor to implement the access authentication method described above.
In order to solve the above-described problems, the present invention also provides a computer-readable storage medium having stored therein at least one computer program that is executed by a processor in an electronic device to implement the above-described access authentication method.
Compared with the background art, in which authenticated access is completed based on user login information or a blockchain, the embodiment of the invention first starts the client according to the client starting instruction input by the user and receives the authentication instruction returned by the client; the returned authentication instruction makes it possible to judge whether the client is working normally. Secondly, it applies for authorization from the user according to the authentication instruction to obtain the authorization instruction, and applies to a pre-built authentication server for a token by using the authorization instruction. Therefore, the access authentication method, the access authentication device, the electronic equipment and the computer readable storage medium can solve the problems of low data access security, or of excessively complicated access authentication that consumes excessive manpower and material resources.
Drawings
Fig. 1 is a flow chart of an access authentication method according to an embodiment of the present invention;
Fig. 2 is a schematic flow chart of S2 in an access authentication method according to an embodiment of the present invention;
Fig. 3 is a schematic flow chart of S3 in the access authentication method according to an embodiment of the present invention;
Fig. 4 is a schematic block diagram of an access authentication device according to an embodiment of the present invention;
Fig. 5 is a schematic diagram of an internal structure of an electronic device for implementing an access authentication method according to an embodiment of the present invention.
The achievement of the objects, functional features and advantages of the present invention will be further described with reference to the accompanying drawings, in conjunction with the embodiments.
Detailed Description
It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
The embodiment of the application provides an access authentication method. The execution subject of the access authentication method includes, but is not limited to, at least one of a server, a terminal, and the like, which can be configured to execute the method provided by the embodiments of the present application. In other words, the access authentication method may be performed by software or hardware installed in a terminal device or a server device, and the software may be a blockchain platform. The server may be an independent server, or a cloud server that provides basic cloud computing services such as cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, content delivery networks (Content Delivery Network, CDN), big data and artificial intelligence platforms, and the like.
Referring to fig. 1, a flow chart of an access authentication method according to an embodiment of the invention is shown. In an embodiment of the present invention, the access authentication method includes:
S1, starting a client according to a client starting instruction input by a user, and receiving an authentication instruction returned by the client.
In the embodiment of the invention, the client start instruction is a start request generated when the user triggers the client. For example, if the user is a program developer who first wants to open a program editor locally, the program editor is the client, and the start instruction automatically triggered when the user opens the program editor is the client start instruction.
Further, after generating the client start instruction, in order to improve security, authentication operation needs to be performed on the user, and in detail, the receiving the authentication instruction returned by the client includes:
starting the user login information window according to the client starting instruction;
receiving user login information input by a user in the user login information window;
packaging the user login information into information to be authenticated, and transmitting the information to be authenticated to the client;
and when the client side authenticates the information to be authenticated, generating an authentication instruction and transmitting the authentication instruction back to the user.
For example, the program developer inputs the user login information in the program editor, wherein the user login information comprises a login name and a login password, the program editor verifies whether the login name and the login password are consistent with those stored in the database, and if so, an authentication program pre-built in the program editor is automatically triggered to generate an authentication instruction.
S2, applying authorization to the user according to the authentication instruction to obtain an authorization instruction.
In detail, referring to fig. 2, the applying authorization to the user according to the authentication instruction, to obtain an authorization instruction includes:
S21, connecting the authentication server by using the client;
S22, when the authentication server is successfully connected, generating an authorization inquiry message in the authentication server and sending the authorization inquiry message to the user;
S23, when the user inputs forbidden authorization, the access authentication fails, and the client is started again according to a client starting instruction input by the user;
S24, when the user inputs permission authorization, the authentication server is utilized to generate the authorization instruction.
It should be emphasized that, for a networked client, if access authentication needs to be performed by using the internet, registration needs to be performed in a service provider where the client is located, where a registration server provided by the service provider is the authentication server. Therefore, the step of applying authorization to the user according to the authentication instruction, and obtaining an authorization instruction further comprises the following steps:
executing program registration operation in the authentication server according to the program information of the client;
judging whether the program registration operation is successful or not, if the program registration operation fails, checking the correctness of the program information of the client and re-acquiring the corrected program information of the client;
and if the program registration operation is successful, generating a directional URL of the client in the authentication server.
Further, the performing a program registration operation in the authentication server according to the program information of the client includes:
receiving a client plug-in corresponding to the client, and extracting client registration information from the client plug-in;
checking the integrity of the client registration information until the client registration information is complete, and converting the client registration information into a JSON format character array;
based on the HTTP protocol, data is sent to the authentication server to perform a program registration operation.
It should be explained that the client plug-in is typically a visual installer package that a developer has packaged in advance and that includes the client registration information. It should be emphasized that the specific content of the registration information differs between clients, and may include an access license number, a client port number, a client product device number, and the like.
Further, in order to effectively propagate the client registration information, the client registration information needs to be converted into a JSON format character array, the JSON format character array is transmitted to the authentication server by using the HTTP protocol, and when the authentication server receives the JSON format character array, storage backup is performed in the internal database, so that the program registration operation is completed.
In addition, when the program registration operation is successful, a registration success identification, namely a directional URL of the client, is generated, and the directional URL also has the effect of accessing the client.
S3, applying for obtaining a token from a pre-built authentication server by using the authorization instruction.
In detail, referring to fig. 3, the application for obtaining a token from a pre-constructed authentication server by using the authorization instruction includes:
S31, accessing the authentication server by utilizing the authorization instruction;
S32, extracting the directional URL at the authentication server and generating an authorization code;
S33, sending the authorization code to the client according to the directional URL, and when the client receives the authorization code, returning the authorization code to the authentication server;
and S34, when the authentication server receives the authorization code, generating the token for the client.
As described above, a successful program registration operation generates a registration success identifier, namely the directional URL of the client. The directional URL is therefore extracted at the authentication server, and an authorization code for issuing the token is generated there. Because the directional URL can also be used to access the client, the authorization code is sent to the client by using the directional URL; once the client's response according to the authorization code is obtained, the authentication server generates the token for the client.
In another embodiment of the present invention, the applying for obtaining the token from the pre-constructed authentication server by using the authorization instruction includes:
accessing the authentication server by utilizing the authorization instruction, extracting the directional URL at the authentication server, and adding the token in the directional URL;
generating a token test instruction by using the client, and accessing a pre-constructed resource server according to the token test instruction;
when the resource server responds to the token test instruction, embedding a directional URL added with the token into a pre-built test webpage, and returning the test webpage comprising the token to the client;
and extracting the token from the test webpage by using the client.
It should be explained that in another embodiment of the present invention, in order to improve the subsequent authentication efficiency when executing the token request, whether the resource server will respond to the token test instruction is further tested, and when the resource server responds to the token test instruction, a test web page including a token is constructed and pushed to the client, so as to complete the token application.
S4, applying for accessing resources to a pre-constructed resource server by using the token, and extracting the access resources from the resource server to the client when receiving a passing message for the resource server to authenticate the token.
It should be appreciated that, since the token corresponds to an access pass between different servers, when the client takes the token issued by the authentication server, the client can directly apply for access to the resource server bound to the authentication server.
Illustratively, after the program developer opens the program editor, it is desirable to extract the codes written by other developers from the resource server, and after the operations of token application, authentication, etc. are completed, the codes written by the other developers can be directly extracted from the resource server and sent into the program editor.
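An added example, not part of the patent text: an in-memory Python model of steps S2 to S4, covering program registration with a completeness check, authorization code issuance after the user's decision, token exchange, and token validation at the resource server. The registration field names, the loopback callback URL, the lifetimes, and the single-use code and hashed-token storage are assumptions chosen for this illustration; the patent does not specify them.

```python
import hashlib
import json
import secrets
import time

# Assumed field names, modelled on the registration items the description lists
# (access license number, client port number, client product device number).
REQUIRED_FIELDS = ("license_number", "client_port", "device_number")


def digest(token):
    """Store only a hash of each token so a database leak does not expose live tokens."""
    return hashlib.sha256(token.encode()).hexdigest()


class AuthServer:
    def __init__(self, code_ttl=60, token_ttl=300):
        self.code_ttl, self.token_ttl = code_ttl, token_ttl
        self.clients = {}  # client_id -> directional URL
        self.codes = {}    # authorization code -> (client_id, expiry)
        self.tokens = {}   # sha256(token) -> (client_id, expiry)

    def register(self, registration_json):
        """Program registration: check completeness, store, issue the directional URL."""
        info = json.loads(registration_json)
        missing = [f for f in REQUIRED_FIELDS if not info.get(f)]
        if missing:
            raise ValueError(f"incomplete registration, missing: {missing}")
        client_id = secrets.token_hex(8)
        # Constructed placeholder URL: a loopback callback on the registered port.
        url = f"http://127.0.0.1:{int(info['client_port'])}/callback"
        self.clients[client_id] = url
        return client_id, url

    def authorize(self, client_id, user_allows, now=None):
        """S22-S24 and S32: record the user's decision, then mint a short-lived code."""
        now = time.time() if now is None else now
        if client_id not in self.clients:
            raise PermissionError("unregistered client")
        if not user_allows:
            return None  # S23: access authentication fails
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, now + self.code_ttl)
        return code  # S33: delivered to the client through its directional URL

    def exchange(self, client_id, code, now=None):
        """S34: the client returns the code; it is consumed and a token is issued."""
        now = time.time() if now is None else now
        owner, expiry = self.codes.pop(code, (None, 0))  # pop makes the code single-use
        if owner != client_id or now > expiry:
            raise PermissionError("invalid, replayed or expired authorization code")
        token = secrets.token_urlsafe(32)
        self.tokens[digest(token)] = (client_id, now + self.token_ttl)
        return token

    def introspect(self, token, now=None):
        """Return the owning client_id for a live token, otherwise None."""
        now = time.time() if now is None else now
        client_id, expiry = self.tokens.get(digest(token), (None, 0))
        return client_id if client_id is not None and now <= expiry else None


class ResourceServer:
    """S4: releases a resource only after the bound authentication server accepts the token."""

    def __init__(self, auth, resources):
        self.auth, self.resources = auth, resources

    def fetch(self, token, name, now=None):
        if self.auth.introspect(token, now) is None:
            raise PermissionError("token rejected by resource server")
        return self.resources[name]


def run_flow(user_allows=True):
    """Walk the whole sequence with constructed sample data; returns the resource or None."""
    auth = AuthServer()
    rs = ResourceServer(auth, {"shared.py": "print('code from another developer')"})
    registration = json.dumps(
        {"license_number": "LIC-0001", "client_port": 8765, "device_number": "DEV-42"}
    )
    client_id, _url = auth.register(registration)
    code = auth.authorize(client_id, user_allows)
    if code is None:
        return None
    token = auth.exchange(client_id, code)
    return rs.fetch(token, "shared.py")


if __name__ == "__main__":
    print(run_flow(True))
    print(run_flow(False))
```

The `now` parameters exist only so expiry can be exercised deterministically; a deployment would use the server clock.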
Compared with the background art, in which authenticated access is completed based on user login information or a blockchain, the embodiment of the invention first starts the client according to the client starting instruction input by the user and receives the authentication instruction returned by the client; the returned authentication instruction makes it possible to judge whether the client is working normally. Secondly, it applies for authorization from the user according to the authentication instruction to obtain the authorization instruction, and applies to a pre-built authentication server for a token by using the authorization instruction. Therefore, the access authentication method, the access authentication device, the electronic equipment and the computer readable storage medium can solve the problems of low data access security, or of excessively complicated access authentication that consumes excessive manpower and material resources.
As shown in fig. 4, a functional block diagram of the access authentication apparatus according to the present invention is shown.
The access authentication apparatus 100 of the present invention may be mounted in an electronic device. Depending on the functions implemented, the access authentication device may include an authentication instruction returning module 101, an authorization instruction generation module 102, a token application module 103, and a resource acquisition module 104. A module of the present invention may also be referred to as a unit, meaning a series of computer program segments that are stored in a memory of the electronic device, can be executed by a processor of the electronic device, and perform a fixed function.
In the present embodiment, the functions concerning the respective modules/units are as follows:
the authentication instruction returning module 101 is configured to start a client according to a client start instruction input by a user, and receive an authentication instruction returned by the client;
the authorization instruction generating module 102 is configured to apply authorization to the user according to the authentication instruction, and obtain an authorization instruction;
the token applying module 103 is configured to apply for obtaining a token from a pre-constructed authentication server by using the authorization instruction;
the resource obtaining module 104 is configured to apply for accessing a resource to a pre-constructed resource server by using the token, and extract the access resource from the resource server to the client when receiving a pass message that the token passes by authentication of the resource server.
In detail, the modules in the access authentication device 100 in the embodiment of the present invention use the same technical means as the access authentication method described in fig. 1 and can produce the same technical effects, which are not described herein.
As shown in fig. 5, a schematic structural diagram of an electronic device 1 implementing an access authentication method according to the present invention is shown.
The electronic device 1 may comprise a processor 10, a memory 11, a communication bus 12 and a communication interface 13, and may further comprise a computer program, such as an access authentication method program, stored in the memory 11 and executable on the processor 10.
The processor 10 may be formed by an integrated circuit in some embodiments, for example, a single packaged integrated circuit, or may be formed by a plurality of integrated circuits packaged with the same function or different functions, including one or more central processing units (Central Processing Unit, CPU), a microprocessor, a digital processing chip, a graphics processor, a combination of various control chips, and so on. The processor 10 is a Control Unit (Control Unit) of the electronic device 1, connects respective parts of the entire electronic device 1 using various interfaces and lines, runs or executes programs or modules (e.g., an access authentication method program or the like) stored in the memory 11, and invokes data stored in the memory 11 to perform various functions of the electronic device 1 and process data.
The memory 11 includes at least one type of readable storage medium including flash memory, a removable hard disk, a multimedia card, a card type memory (e.g., SD or DX memory, etc.), a magnetic memory, a magnetic disk, an optical disk, etc. The memory 11 may in some embodiments be an internal storage unit of the electronic device 1, such as a removable hard disk of the electronic device 1. The memory 11 may in other embodiments also be an external storage device of the electronic device 1, such as a plug-in mobile hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card) or the like, which are provided on the electronic device 1. Further, the memory 11 may also include both an internal storage unit and an external storage device of the electronic device 1. The memory 11 may be used not only for storing application software installed in the electronic device 1 and various types of data, such as codes of access authentication method programs, but also for temporarily storing data that has been output or is to be output.
The communication bus 12 may be a peripheral component interconnect standard (peripheral component interconnect, PCI) bus, or an extended industry standard architecture (extended industry standard architecture, EISA) bus, among others. The bus may be classified as an address bus, a data bus, a control bus, etc. The bus is arranged to enable a connection communication between the memory 11 and at least one processor 10 etc.
The communication interface 13 is used for communication between the electronic device 1 and other devices, and includes a network interface and a user interface. Optionally, the network interface may comprise a wired interface and/or a wireless interface (e.g. Wi-Fi interface, Bluetooth interface, etc.), typically used to establish a communication connection between the electronic device 1 and other electronic devices. The user interface may be a Display (Display) or an input unit such as a Keyboard (Keyboard), or alternatively a standard wired interface or a wireless interface. Alternatively, in some embodiments, the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch device, or the like. The display may also be referred to as a display screen or display unit, as appropriate, for displaying information processed in the electronic device 1 and for displaying a visual user interface.
Fig. 5 shows only an electronic device 1 with components, it being understood by a person skilled in the art that the structure shown in fig. 5 does not constitute a limitation of the electronic device 1, and may comprise fewer or more components than shown, or may combine certain components, or may be arranged in different components.
For example, although not shown, the electronic device 1 may further include a power source (such as a battery) for supplying power to each component. Preferably, the power source may be logically connected to the at least one processor 10 through a power management device, so that functions such as charge management, discharge management, and power consumption management are implemented through the power management device. The power supply may also include one or more of a direct current or alternating current power supply, a recharging device, a power failure detection circuit, a power converter or inverter, a power status indicator, etc. The electronic device 1 may further include various sensors, Bluetooth modules, Wi-Fi modules, etc., which will not be described herein.
It should be understood that the embodiments described are for illustrative purposes only, and the scope of the patent application is not limited to this configuration.
The access authentication method program stored in the memory 11 in the electronic device 1 is a combination of a plurality of computer programs, which when run in the processor 10, can realize:
starting a client according to a client starting instruction input by a user, and receiving an authentication instruction returned by the client;
applying authorization to the user according to the authentication instruction to obtain an authorization instruction;
applying for obtaining a token from a pre-constructed authentication server by utilizing the authorization instruction;
and applying for accessing resources from the pre-constructed resource server by using the token, and extracting the accessing resources from the resource server to the client when receiving a passing message for the resource server to authenticate the token.
In particular, the specific implementation method of the processor 10 on the computer program may refer to the description of the relevant steps in the corresponding embodiment of fig. 1, which is not repeated herein.
Further, the integrated modules/units of the electronic device 1 may be stored in a non-volatile computer readable storage medium if implemented in the form of software functional units and sold or used as a stand-alone product. The computer readable storage medium may be volatile or nonvolatile. For example, the computer readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a USB flash drive (U disk), a removable hard disk, a magnetic disk, an optical disk, a computer memory, a Read-Only Memory (ROM).
The present invention also provides a computer readable storage medium storing a computer program which, when executed by a processor of an electronic device 1, may implement:
starting a client according to a client starting instruction input by a user, and receiving an authentication instruction returned by the client;
applying authorization to the user according to the authentication instruction to obtain an authorization instruction;
applying for obtaining a token from a pre-constructed authentication server by utilizing the authorization instruction;
and applying for accessing resources from the pre-constructed resource server by using the token, and extracting the accessing resources from the resource server to the client when receiving a passing message for the resource server to authenticate the token.
In the several embodiments provided in the present invention, it should be understood that the disclosed apparatus, device and method may be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the modules is merely a logical function division, and there may be other manners of division when actually implemented.
The modules described as separate components may or may not be physically separate, and components shown as modules may or may not be physical units, may be located in one place, or may be distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional modules in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated unit may be implemented in the form of hardware, or in the form of hardware plus software functional modules.
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential characteristics thereof.
The present embodiments are, therefore, to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference signs in the claims shall not be construed as limiting the claim concerned.
The embodiments of the application can acquire and process the related data based on artificial intelligence technology. Artificial intelligence (AI) is the theory, method, technique and application system that uses a digital computer or a digital computer-controlled machine to simulate, extend and expand human intelligence, sense the environment, acquire knowledge and use knowledge to obtain optimal results.
Furthermore, it is evident that the word "comprising" does not exclude other elements or steps, and that the singular does not exclude a plurality. A plurality of units or means recited in the system claims can also be implemented by means of software or hardware by means of one unit or means. The terms second, etc. are used to denote a name, but not any particular order.
Finally, it should be noted that the above-mentioned embodiments are merely for illustrating the technical solution of the present invention and not for limiting the same, and although the present invention has been described in detail with reference to the preferred embodiments, it should be understood by those skilled in the art that modifications and equivalents may be made to the technical solution of the present invention without departing from the spirit and scope of the technical solution of the present invention.

Claims (5)

1. An access authentication method, the method comprising:
starting a client according to a client starting instruction input by a user, and receiving an authentication instruction returned by the client;
applying authorization to the user according to the authentication instruction to obtain an authorization instruction;
applying for obtaining a token from a pre-constructed authentication server by utilizing the authorization instruction;
applying for accessing resources from a pre-constructed resource server by using the token, and extracting the accessing resources from the resource server to the client when receiving a passing message for the resource server to authenticate the token;
the step of applying authorization to the user according to the authentication instruction to obtain an authorization instruction comprises the following steps:
connecting the authentication server by the client;
generating an authorization inquiry message in the authentication server and transmitting the authorization inquiry message to the user when the authentication server is successfully connected;
when the user inputs the forbidden authorization, the access authentication fails, and the client is started again according to the client starting instruction input by the user;
generating the authorization instruction by using the authentication server when the user inputs permission authorization;
the method comprises the steps of applying authorization to the user according to the authentication instruction, and further comprising the following steps before obtaining the authorization instruction:
executing program registration operation in the authentication server according to the program information of the client;
judging whether the program registration operation is successful or not, if the program registration operation fails, checking the correctness of the program information of the client and re-acquiring the corrected program information of the client;
if the program registration operation is successful, generating a directional URL of the client in the authentication server;
the application of the authorization instruction to the pre-constructed authentication server to obtain the token comprises the following steps:
accessing the authentication server using the authorization instruction;
extracting the directional URL at the authentication server and generating an authorization code;
transmitting the authorization code to the client according to the directional URL, and transmitting the authorization code back to the authentication server when the client receives the authorization code;
generating the token for the client when the authentication server receives the authorization code;
the application of the authorization instruction to the pre-constructed authentication server to obtain the token further comprises:
accessing the authentication server by utilizing the authorization instruction, extracting the directional URL at the authentication server, and adding the token in the directional URL;
generating a token test instruction by using the client, and accessing the resource server according to the token test instruction;
when the resource server responds to the token test instruction, embedding a directional URL added with the token into a pre-built test webpage, and returning the test webpage comprising the token to the client;
extracting the token from the test webpage by using the client;
the receiving the authentication instruction returned by the client comprises the following steps:
starting the user login information window according to the client starting instruction;
receiving user login information input by a user in the user login information window;
packaging the user login information into information to be authenticated, and transmitting the information to be authenticated to the client;
and when the client side authenticates the information to be authenticated, generating an authentication instruction and transmitting the authentication instruction back to the user.
2. The access authentication method according to claim 1, wherein the performing a program registration operation in the authentication server according to the program information of the client includes:
receiving a client plug-in corresponding to the client, and extracting client registration information from the client plug-in;
checking the integrity of the client registration information until the client registration information is complete, and converting the client registration information into a JSON format character array;
based on the HTTP protocol, data is sent to the authentication server to perform a program registration operation.
3. An access authentication apparatus for implementing the access authentication method according to any one of claims 1 to 2, characterized in that the apparatus comprises:
the authentication instruction returning module is used for starting the client according to the client starting instruction input by the user and receiving the authentication instruction returned by the client;
the authorization instruction generation module is used for applying authorization to the user according to the authentication instruction to obtain an authorization instruction;
the token application module is used for applying for obtaining a token from a pre-constructed authentication server by utilizing the authorization instruction;
and the resource acquisition module is used for applying access resources to a pre-constructed resource server by using the token, and extracting the access resources from the resource server to the client when receiving a passing message for the resource server to authenticate the token.
4. An electronic device, the electronic device comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores a computer program executable by the at least one processor to enable the at least one processor to perform the access authentication method according to any one of claims 1 to 2.
5. A computer readable storage medium storing a computer program, wherein the computer program when executed by a processor implements the access authentication method according to any one of claims 1 to 2.
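The flow set out in claims 1 and 2 (program registration from JSON registration information, a redirect URL fixed at registration, an authorization code returned to that URL and exchanged for a token, and token validation at the resource server) can be traced in the following in-memory example. It is an added illustration, not code from the patent; the class names, the registration fields `client_name` and `redirect_url`, the sample URL, and the single-use, expiring authorization code are assumptions of this example.

```python
import json
import secrets
import time

REQUIRED_FIELDS = ("client_name", "redirect_url")  # assumed registration fields


class AuthServer:
    """In-memory stand-in for the authentication server of claim 1."""

    def __init__(self, code_ttl=60):
        self.clients, self.codes, self.tokens = {}, {}, {}
        self.code_ttl = code_ttl  # assumed lifetime of an authorization code, seconds

    def register(self, registration_json):
        # Claim 2: registration information arrives as JSON and must be complete.
        info = json.loads(registration_json)
        missing = [f for f in REQUIRED_FIELDS if not info.get(f)]
        if missing:
            raise ValueError("incomplete registration: " + ", ".join(missing))
        client_id = secrets.token_hex(8)
        # The redirect ("directional") URL is fixed when registration succeeds.
        self.clients[client_id] = info["redirect_url"]
        return client_id

    def authorize(self, client_id, user_allows):
        # Claim 1: if the user forbids authorization, access authentication fails.
        if client_id not in self.clients:
            raise PermissionError("unregistered client")
        if not user_allows:
            raise PermissionError("user denied authorization")
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, time.time() + self.code_ttl)
        # The code is delivered only to the URL stored at registration.
        return self.clients[client_id], code

    def exchange(self, client_id, code):
        # pop() makes the code single-use; it is also bound to one client.
        owner, expires = self.codes.pop(code, (None, 0))
        if owner != client_id or time.time() > expires:
            raise PermissionError("invalid, replayed or expired code")
        token = secrets.token_urlsafe(32)
        self.tokens[token] = client_id
        return token

    def introspect(self, token):
        return self.tokens.get(token)


class ResourceServer:
    def __init__(self, auth_server, resources):
        self.auth, self.resources = auth_server, resources

    def fetch(self, token, name):
        # The resource is released only after the token passes authentication.
        if self.auth.introspect(token) is None:
            raise PermissionError("token rejected")
        return self.resources[name]


def run_flow(user_allows=True):
    """Run registration, authorization and code exchange once (constructed data)."""
    auth = AuthServer()
    rs = ResourceServer(auth, {"report": "constructed sample resource"})
    reg = json.dumps({"client_name": "demo",
                      "redirect_url": "https://client.example/cb"})
    client_id = auth.register(reg)
    redirect_url, code = auth.authorize(client_id, user_allows)
    token = auth.exchange(client_id, code)
    return auth, rs, client_id, redirect_url, code, token
```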
CN202210549051.4A 2022-05-20 2022-05-20 Access authentication method and device, electronic equipment and storage medium Active CN114978675B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210549051.4A CN114978675B (en) 2022-05-20 2022-05-20 Access authentication method and device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210549051.4A CN114978675B (en) 2022-05-20 2022-05-20 Access authentication method and device, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN114978675A CN114978675A (en) 2022-08-30
CN114978675B true CN114978675B (en) 2023-06-20

Family

ID=82984580

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210549051.4A Active CN114978675B (en) 2022-05-20 2022-05-20 Access authentication method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN114978675B (en)

Also Published As

Publication number Publication date
CN114978675A (en) 2022-08-30

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant