CN115225293B - Authentication method, system, device, equipment and computer storage medium - Google Patents


Publication number
CN115225293B
Authority
CN
China
Prior art keywords
authentication
token
user
authentication center
center
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110408848.8A
Other languages
Chinese (zh)
Other versions
CN115225293A (en)
Inventor
马超
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
China Mobile Group Liaoning Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Group Liaoning Co Ltd
Application filed by China Mobile Communications Group Co Ltd, China Mobile Group Liaoning Co Ltd
Priority to CN202110408848.8A
Publication of CN115225293A
Application granted
Publication of CN115225293B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos

Abstract

The application discloses an authentication method, system, device, equipment and computer storage medium. The authentication method comprises: receiving an access request of a terminal, wherein the access request is initiated according to a URL generated by an SSO authentication center; responding to the access request by initiating a first authentication request to a target authentication center, wherein the target authentication center is the TOKEN authentication center when the state information of the TOKEN authentication center is on, and the target authentication center is N second application servers when the state information of the TOKEN authentication center is off; and acquiring the user certificate according to an authentication result returned by the target authentication center in response to the first authentication request. By judging the state information of the TOKEN authentication center, the embodiment of the application can switch dynamically between center authentication and distributed authentication, thereby meeting the authentication service requirements of multiple scenes. During distributed authentication, authentication requests are sent directly to the N second application servers, and no new center authentication node is needed, so extra resource investment is avoided.

Description

Authentication method, system, device, equipment and computer storage medium
Technical Field
The application belongs to the technical field of authentication management, and particularly relates to an authentication method, an authentication system, an authentication device, an authentication equipment and a computer storage medium.
Background
As is well known, large-scale intranet IT (Internet Technology, IT) environments have numerous application systems, so single-point authentication and unified authentication schemes are particularly important for ease of administration.
Most existing authentication methods are based on cookies (data stored on the user's local terminal) or on JSONP (JSON with Padding, a usage pattern of the JSON data format). These methods mostly use a centralized authentication mode, and most existing distributed authentication methods also need to add a new central authentication node, which causes extra resource investment. Dynamic switching between central authentication and distributed authentication cannot be realized, and the multi-scene authentication service requirement is difficult to meet.
Disclosure of Invention
The embodiment of the application provides an authentication method, an authentication system, an authentication device and a computer storage medium, which are used for solving the technical problems that in the prior art, the distributed authentication method needs additional resource investment, dynamic switching between center authentication and distributed authentication cannot be realized, and the authentication service requirements of multiple scenes are difficult to meet.
In a first aspect, an embodiment of the present application provides an authentication method, applied to a first application server in an authentication system, where the authentication system further includes a single sign-on SSO authentication center, a TOKEN authentication center, and N second application servers, where N is an integer greater than 1, and the authentication method includes:
receiving an access request of a terminal, wherein the access request is initiated according to a Uniform Resource Locator (URL) generated by the SSO authentication center, the URL comprises a TOKEN and state information of a TOKEN authentication center corresponding to the TOKEN, and the state information is used for indicating the opening or closing of the TOKEN authentication center;
responding to the access request, and initiating a first authentication request corresponding to the state information to a target authentication center, wherein the target authentication center is the TOKEN authentication center when the state information is on, and the target authentication center is the N second application servers when the state information is off;
and acquiring a user certificate according to an authentication result returned by the target authentication center in response to the first authentication request, wherein the user certificate is used for identifying the user information of the terminal so as to finish login.
In one embodiment, in a case that the target authentication center is the TOKEN authentication center, after the responding to the access request and initiating a first authentication request corresponding to the state information to the target authentication center, the method further includes:
under the condition that the TOKEN authentication center works abnormally, initiating second authentication requests to the N second application servers;
and acquiring user credentials according to authentication results returned by the N second application servers in response to the second authentication requests.
In one embodiment, in the case where the target authentication center is the TOKEN authentication center, the URL further includes authentication aging of the TOKEN,
the step of obtaining the user certificate according to the authentication result returned by the target authentication center in response to the first authentication request comprises the following steps:
acquiring a user encryption certificate sent by the TOKEN authentication center in the authentication timeliness;
and decrypting the user encryption certificate according to a preset decryption algorithm to obtain the user certificate.
In one embodiment, in the case that the target authentication center is the N second application servers, the URL further includes N user encryption credential fragments,
the step of obtaining the user certificate according to the authentication result returned by the target authentication center in response to the first authentication request comprises the following steps:
receiving N user credential fragments sent by the N second application servers, wherein the N user credential fragments are obtained by decrypting the N user encryption credential fragments in a one-to-one correspondence manner based on the N second application servers;
and splicing the N user credential fragments to obtain the user credential.
In one embodiment, the URL further comprises N user encryption credential fragments,
the step of obtaining the user credentials according to the authentication results returned by the N second application servers in response to the second authentication request includes:
receiving N user credential fragments sent by the N second application servers, wherein the N user credential fragments are obtained by decrypting the N user encryption credential fragments in a one-to-one correspondence manner based on the N second application servers;
and splicing the N user credential fragments to obtain the user credential.
In one embodiment, the N user credential fragments are obtained by decrypting the N user encryption credential fragments in a one-to-one correspondence based on the N second application servers when the status information of the TOKEN authentication center is closed and/or the TOKEN authentication center is abnormal.
In a second aspect, an embodiment of the present application provides an authentication system, including:
the SSO authentication center is used for generating a URL according to the received terminal input information and sending the URL to the terminal, wherein the terminal input information is information generated by receiving user input by the terminal, and the URL comprises TOKEN, state information of the TOKEN authentication center corresponding to the TOKEN, authentication timeliness of the TOKEN and N user encryption credential fragments;
a first application server for implementing the authentication method according to any one of claims 1-6;
the TOKEN authentication center is used for receiving an authentication request initiated by the first application server and responding to the authentication request to return an authentication result to the first application server;
N second application servers for receiving the authentication request initiated by the first application server and, in response to the authentication request, returning the authentication result to the first application server,
wherein N is an integer greater than 1.
In a third aspect, an embodiment of the present application provides an authentication apparatus, where the apparatus includes:
the receiving module is used for receiving an access request of the terminal, wherein the access request is initiated according to a Uniform Resource Locator (URL) generated by the SSO authentication center, the URL comprises a TOKEN and state information of the TOKEN authentication center corresponding to the TOKEN, and the state information is used for indicating the opening or closing of the TOKEN authentication center;
The first sending module is used for responding to the access request and sending a first authentication request corresponding to the state information to a target authentication center, wherein the target authentication center is the TOKEN authentication center when the state information is on, the target authentication center is N second application servers when the state information is off, and N is an integer larger than 1;
the first acquisition module is used for acquiring a user certificate according to an authentication result returned by the target authentication center in response to the first authentication request, wherein the user certificate is used for identifying the user information of the terminal so as to finish login.
In a fourth aspect, an embodiment of the present application provides an electronic device, including:
a processor and a memory storing computer program instructions;
the processor, when executing the computer program instructions, implements the method described above.
In a fifth aspect, embodiments of the present application provide a computer storage medium having stored thereon computer program instructions which, when executed by a processor, implement the above-described method.
The authentication method, system, device, equipment and computer storage medium of the embodiments can receive the access request of the terminal, wherein the access request of the terminal is initiated according to the URL generated by the SSO authentication center; respond to the access request by initiating a first authentication request to a target authentication center, wherein the target authentication center is the TOKEN authentication center when the state information of the TOKEN authentication center is on, and the target authentication center is the N second application servers when the state information of the TOKEN authentication center is off; and then acquire the user certificate according to an authentication result returned by the target authentication center in response to the first authentication request.
According to the embodiment of the application, the state information of the TOKEN authentication center selects whether center authentication is initiated to the TOKEN authentication center or distributed authentication is initiated to the N second application servers, so that dynamic switching between center authentication and distributed authentication is realized and the authentication service requirements of multiple scenes are met. In addition, when distributed authentication is performed, the first application server can send authentication requests directly to the N second application servers, and no new center authentication node needs to be added, so extra resource investment is avoided.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the embodiments of the present application will be briefly described, and it is possible for a person skilled in the art to obtain other drawings according to these drawings without inventive effort.
Fig. 1 is a schematic structural diagram of an authentication system according to an embodiment of the present application;
Fig. 2 is a flow chart of an authentication method provided in one embodiment of the present application;
Fig. 3 is a schematic diagram of TOKEN authentication center authentication in the authentication method provided in the present application;
Fig. 4 is a schematic diagram of authentication of N second application servers in the authentication method provided in the present application;
Fig. 5 is a flow chart of an exemplary embodiment of a scenario of an authentication method provided herein;
Fig. 6 is a schematic structural diagram of an authentication device according to another embodiment of the present application;
Fig. 7 is a schematic structural diagram of an electronic device according to another embodiment of the present application.
Detailed Description
Features and exemplary embodiments of various aspects of the present application are described in detail below to make the objects, technical solutions and advantages of the present application more apparent, and to further describe the present application in conjunction with the accompanying drawings and the detailed embodiments. It should be understood that the specific embodiments described herein are intended to be illustrative of the application and are not intended to be limiting. It will be apparent to one skilled in the art that the present application may be practiced without some of these specific details. The following description of the embodiments is merely intended to provide a better understanding of the present application by showing examples of the present application.
It is noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising … …" does not exclude the presence of other like elements in a process, method, article or apparatus that comprises the element.
In order to solve the problems in the prior art, embodiments of the present application provide an authentication method, system, device, equipment and computer storage medium. The authentication system provided in the embodiments of the present application will be first described below.
Fig. 1 shows a schematic structural diagram of an authentication system according to an embodiment of the present application. As shown in Fig. 1, the authentication system 100 may include a Single Sign On (SSO) authentication center 101, a first application server 102, a token (TOKEN) authentication center 103, and N second application servers 104, where N is an integer greater than 1.
In this embodiment, the SSO authentication center 101 can generate a uniform resource locator (Uniform Resource Locator, URL) from the received terminal 110 input information, and send the URL to the terminal 110 so that the terminal 110 can initiate an access request based on the URL. The terminal 110 may be an electronic device such as a mobile phone, a computer, or a tablet computer. The terminal 110 input information may be information generated by the terminal 110 receiving user input, and specifically, may be information generated by the terminal 110 after receiving an operation action of the user on the terminal 110. For example, the user clicks on an icon of the first application on the terminal 110, thereby triggering a login procedure of the first application server 102.
The URL generated by the SSO authentication center 101 may include at least one of: the TOKEN, status information of the TOKEN authentication center 103 corresponding to the TOKEN, the authentication timeliness of the TOKEN, and N user encryption credential fragments.
For example, the SSO authentication center 101 generates a URL in response to the terminal 110 triggering the first application server 102, and the TOKEN in the URL may correspond to the first application server 102. Specifically, each first application server 102 may carry a unique identifier (Identity document, ID), and the TOKEN may carry that ID, thereby forming a correspondence with the first application server 102.
The TOKEN may correspond to a TOKEN authentication center 103, and the URL may further include status information of the TOKEN authentication center 103, which may be denoted by "0" or "1". For example, a status of "0" may indicate that the TOKEN authentication center 103 is on and can authenticate normally; a status of "1" may indicate that the TOKEN authentication center 103 is off and does not authenticate.
In addition, a TOKEN is generally temporary information used for computer authentication, i.e., a TOKEN is time-limited. The URL may also include the authentication timeliness of the TOKEN; the TOKEN authentication center 103 can authenticate successfully only within that period.
In this embodiment, the TOKEN and the authentication timeliness of the TOKEN included in the URL may be used for center authentication by the TOKEN authentication center 103.
The URL may also include N user encryption credential fragments, which are in one-to-one correspondence with the N second application servers 104 and may be used for distributed authentication by the N second application servers.
In this embodiment, the first application server 102 may be an application server that receives an access request of the terminal 110, that is, an application server that the terminal 110 wants to log in. The second application server 104 may be a preset other application server trusted by the first application server 102.
For ease of understanding, the first application server 102 may be represented by an access application and the second application server 104 may be represented by a trusted site.
As shown in the table above, in one example, when the first application server 102 is application A, the second application server 104 may be application B, application C, and application D; when the first application server 102 is application B, the second application server 104 may be application A and application C; when the first application server 102 is application C, the second application server 104 may be application A, application B, application D, and application E.
Taking the case where the first application server 102 is application A as an example, after application A receives the access request of the terminal 110, a distributed authentication request may be initiated to application B, application C, and application D. Specifically, when the TOKEN authentication center 103 indicated in the access request is closed or the TOKEN authentication center 103 works abnormally, a distributed authentication request is initiated to application B, application C and application D.
After receiving the authentication request of the application A, the application B, the application C and the application D can respond to the authentication request and return an authentication result to the application A.
In this embodiment, the authentication system may further include a TOKEN authentication center 103, and the TOKEN authentication center 103 may also receive an authentication request from the first application server 102. Specifically, when the TOKEN authentication center 103 is turned on and the TOKEN authentication center 103 works normally, an authentication request of the first application server 102 is received, and an authentication result is returned to the first application server 102 in response to the authentication request.
The authentication system 100 of the embodiment can be used for central authentication and distributed authentication, and can realize dynamic switching between central authentication and distributed authentication, thereby meeting the authentication service requirements of multiple scenes. And the authentication system can perform distributed authentication through N trusted second application servers 104 preset by the first application server 102 without adding a new central authentication node, thereby avoiding additional resource investment.
Based on the authentication system provided by the above, in order to realize dynamic switching between center authentication and distributed authentication and avoid additional resource investment, an embodiment of the present application further provides a specific implementation manner of the authentication method. Fig. 2 shows a flow chart of an authentication method according to an embodiment of the present application.
As shown in fig. 2, the authentication method may include:
step S201, receiving an access request of a terminal, wherein the access request is initiated according to a Uniform Resource Locator (URL) generated by an SSO authentication center, the URL comprises a TOKEN and state information of the TOKEN authentication center corresponding to the TOKEN, and the state information is used for indicating the opening or closing of the TOKEN authentication center;
step S202, responding to an access request, and initiating a first authentication request corresponding to state information to a target authentication center, wherein the target authentication center is a TOKEN authentication center when the state information is on, and N second application servers are used as the target authentication center when the state information is off;
step S203, according to the authentication result returned by the target authentication center in response to the first authentication request, the user credentials are obtained, wherein the user credentials are used for identifying the user information of the terminal to complete login.
In this embodiment, in step S201, the first application server receives an access request of the terminal, where the access request may be initiated by the terminal according to a URL generated by the SSO authentication center. The URL may be generated by the SSO authentication center in response to the user input received by the terminal, and specifically, after the terminal receives the trigger operation of the user on the terminal, the SSO authentication center generates the URL in response to the trigger operation.
For example, the user clicks an icon of the first application on the terminal, thereby triggering a login procedure of the first application server. The SSO authentication center responds to the triggered login program of the first application server, generates a URL and returns the URL to the terminal, and the terminal can initiate an access request to the first application server based on the URL.
The URL may include TOKEN, and status information of a TOKEN authentication center corresponding to TOKEN, where the status information may be used to indicate on or off of the TOKEN authentication center. Because the access request is initiated based on the URL, the access request received by the first application server may also carry TOKEN and status information of the TOKEN authentication center corresponding to the TOKEN.
In step S202, in response to the access request, a first authentication request corresponding to the state information may be initiated to the target authentication center. Whether the TOKEN authentication center is in an on state or an off state may be determined based on the state information.
When the TOKEN authentication center is in an on state, the target authentication center may be the TOKEN authentication center, and at this time, the first application server may initiate a first authentication request to the TOKEN authentication center; when the TOKEN authentication center is in a closed state, the target authentication center may be N second application servers, and at this time, the first application server may initiate first authentication requests to the N second application servers. Wherein N is an integer greater than 1.
In this embodiment, the N second application servers may be trusted other application servers preset by the first application server, and when the TOKEN authentication center is in a closed state and central authentication cannot be performed through the TOKEN authentication center, the first application server may initiate distributed authentication to the N second application servers to obtain an authentication result.
In step S203, the first application server may receive an authentication result returned by the target authentication center in response to the first authentication request, and obtain the user credential according to the authentication result. The user credential identifies the user information of the terminal, so that the terminal can log in to the first application server for access.
For example, when the first application server initiates a first authentication request to the TOKEN authentication center, the TOKEN authentication center returns an authentication result to the first application server under the condition that authentication passes, and the first application server can acquire a user credential of the terminal according to the authentication result returned by the TOKEN authentication center.
For another example, when the first application server initiates the first authentication request to the N second application servers, the N second application servers return the authentication result to the first application server under the condition that the authentication passes, and the first application server may obtain the user credentials of the terminal according to the authentication results returned by the N second application servers.
The authentication method provided by the embodiment can receive the access request of the terminal, wherein the access request of the terminal is initiated according to the URL generated by the SSO authentication center; respond to the access request by initiating a first authentication request to a target authentication center, wherein the target authentication center is the TOKEN authentication center when the state information of the TOKEN authentication center is on, and the target authentication center is the N second application servers when the state information of the TOKEN authentication center is off; and then acquire the user certificate according to an authentication result returned by the target authentication center in response to the first authentication request.
According to the embodiment, the state information of the TOKEN authentication center selects whether central authentication is initiated to the TOKEN authentication center or distributed authentication is initiated to the N second application servers, so that dynamic switching between central authentication and distributed authentication is realized and the authentication service requirements of multiple scenes are met. In addition, when distributed authentication is performed, the first application server can send authentication requests directly to the N second application servers, and no new center authentication node needs to be added, so extra resource investment is avoided.
Optionally, in the case that the target authentication center is the TOKEN authentication center, in order to ensure effective authentication and further implement dynamic switching between center authentication and distributed authentication, in one embodiment, after step S202 of initiating, in response to the access request, a first authentication request corresponding to the state information to the target authentication center, the authentication method may further include:
under the condition that the TOKEN authentication center works abnormally, initiating second authentication requests to N second application servers;
and acquiring the user credentials according to authentication results returned by the N second application servers in response to the second authentication request.
In this embodiment, when the state information of the TOKEN authentication center is on, the first application server initiates the first authentication request to the TOKEN authentication center. The TOKEN authentication center may work abnormally, which causes authentication to fail; in that case, the first application server may initiate second authentication requests to the N second application servers.
For example, after the first application server initiates the first authentication request to the TOKEN authentication center, when conditions such as an unreachable network, an unreachable port, or a service response timeout occur at the TOKEN authentication center, the first application server can actively switch authentication modes and initiate second authentication requests to the N second application servers.
The N second application servers return authentication results to the first application server when authentication passes, and the first application server can acquire the user credential of the terminal according to those authentication results, so that the user credential is used to identify the user information of the terminal and the terminal can log in to the first application server for access.
The embodiment can actively switch the authentication mode under the condition that the TOKEN authentication center works abnormally, and adopts the distributed authentication mode to carry out authentication, thereby ensuring the effectiveness of authentication.
Optionally, in the case that the target authentication center is the TOKEN authentication center, in order to obtain a valid user credential, in one embodiment, the URL may further include the authentication validity period of the TOKEN, and step S203 of obtaining the user credential according to the authentication result returned by the target authentication center in response to the first authentication request may include:
acquiring the user encryption credential sent by the TOKEN authentication center within the authentication validity period;
and decrypting the user encryption credential according to a preset decryption algorithm to obtain the user credential.
In this embodiment, the URL may further include the authentication validity period of the TOKEN. Specifically, the TOKEN is time-limited, and authentication can succeed only within the specified time. For example, if the authentication validity period of the TOKEN is 5 minutes, the TOKEN is valid for 5 minutes from its generation.
During authentication, when the TOKEN authentication center recognizes that the TOKEN carried in the access request is within its validity period, it can determine that authentication succeeds; if it recognizes that the TOKEN carried in the access request is invalid, it can determine that authentication fails.
When the TOKEN authentication center authenticates successfully within the authentication validity period of the TOKEN, the first application server can acquire the user encryption credential sent by the TOKEN authentication center.
As shown in fig. 3, in some embodiments, the encryption algorithms that the TOKEN authentication center provides for different application servers are independent and isolated from each other. That is, the user credential provided by the TOKEN authentication center to application A may be encrypted with encryption algorithm A, and the user credential provided to application B may be encrypted with encryption algorithm B, so that security can be ensured.
Different application servers have their own independent decryption algorithms and related rights. The first application server can decrypt the user encryption credential according to a preset decryption algorithm to obtain the user credential, so that the user information of the terminal is identified by using the user credential and the terminal can log in to the first application server for access.
For example, when the first application server is application A, the TOKEN authentication center, when authentication succeeds, encrypts the user credential of the terminal with encryption algorithm A and sends the resulting user encryption credential to application A; application A then decrypts the user encryption credential according to the corresponding decryption algorithm A to obtain the user credential.
In this embodiment, the user encryption credential, which the TOKEN authentication center produces according to its authentication result and the encryption algorithm for the first application server, can be obtained, and the first application server can then decrypt it according to the corresponding decryption algorithm to obtain the user credential, which ensures the effectiveness and security of authentication.
In some examples, the TOKEN authentication center also needs to verify the TOKEN and whether the ID carried by the TOKEN matches the first application server; if they match, the TOKEN authentication center sends the user encryption credential to the first application server.
Optionally, in the case that the target authentication center is the N second application servers, in order to obtain a valid user credential, in one embodiment, the URL may further include N user encryption credential fragments, and step S203 of obtaining the user credential according to the authentication result returned by the target authentication center in response to the first authentication request may include:
receiving N user credential fragments sent by N second application servers, wherein the N user credential fragments are obtained by decrypting the N user encryption credential fragments in a one-to-one correspondence manner based on the N second application servers;
and splicing the N user credential fragments to obtain the user credential.
In this embodiment, the URL may further include N user encryption credential fragments, which are in one-to-one correspondence with the N second application servers. For ease of understanding, the first application server is described below as application A, and the second application servers are described as application B, application C, and application D.
When the first application server is application A, the second application server 1 is application B, the second application server 2 is application C, and the second application server 3 is application D. In this case, the user credential of the terminal may be correspondingly split into user credential fragment 1, user credential fragment 2, and user credential fragment 3.
The user credential may be split into equal fields, split randomly, or split according to another preset splitting mode.
Each user credential fragment obtained by splitting is encrypted with the encryption algorithm corresponding to its second application server. For example, user credential fragment 1 is encrypted according to encryption algorithm B corresponding to application B to obtain user encryption credential fragment 1; user credential fragment 2 is encrypted according to encryption algorithm C corresponding to application C to obtain user encryption credential fragment 2; and user credential fragment 3 is encrypted according to encryption algorithm D corresponding to application D to obtain user encryption credential fragment 3.
When receiving the authentication request, each second application server acquires its corresponding user encryption credential fragment and decrypts it according to the corresponding decryption algorithm to obtain a user credential fragment.
As shown in fig. 4, the first application server may receive the N user credential fragments sent by the N second application servers. For example, the first application server may receive user credential fragment 1 sent by the second application server 1, and may also receive user credential fragment 2.
In this embodiment, when the TOKEN authentication center is closed, N second application servers are used to perform distributed authentication, so as to meet the authentication service requirement of multiple scenarios.
Optionally, in the case of initiating the second authentication request to the N second application servers, in order to obtain valid user credentials, in one embodiment, the URL further includes N pieces of user encryption credentials, and obtaining, according to the authentication results returned by the N second application servers in response to the second authentication requests, the user credentials may include:
receiving N user credential fragments sent by N second application servers, wherein the N user credential fragments are obtained by decrypting the N user encryption credential fragments in a one-to-one correspondence manner based on the N second application servers;
and splicing the N user credential fragments to obtain the user credential.
This embodiment can use the N second application servers to perform distributed authentication when the TOKEN authentication center works abnormally, for example when the TOKEN authentication center has an unreachable network, an unreachable port, a service response timeout, or the like, thereby meeting the authentication service requirements of multiple scenarios.
In this embodiment, the specific implementation manner of performing distributed authentication through N second application servers is basically the same as the above embodiment, and will not be described herein again.
Optionally, in order to prevent disguised distributed authentication that bypasses the TOKEN authentication center, in an embodiment, the N user credential fragments may be obtained by the N second application servers decrypting the N user encryption credential fragments in one-to-one correspondence when the state information of the TOKEN authentication center is off and/or the TOKEN authentication center works abnormally.
In this embodiment, after receiving the authentication request of the first application server, the N second application servers may trigger the login operation of the terminal to determine whether the TOKEN authentication center is in a closed state or whether there is a working abnormality.
When the TOKEN authentication center is in a non-working state, that is, the state information of the TOKEN authentication center is off and/or the TOKEN authentication center works abnormally, the N second application servers decrypt the N user encryption credential fragments in one-to-one correspondence and then return the N user credential fragments to the first application server.
When the TOKEN authentication center is in a working state, that is, the state information of the TOKEN authentication center is on and the TOKEN authentication center works normally, the authentication request of the first application server is judged to be an abnormal request. In this case, returning the user credential fragments to the first application server may be refused.
This embodiment can effectively prevent disguised authentication that bypasses the TOKEN authentication center, which further ensures the security of authentication.
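The flow described across these embodiments (selection by state information, fallback when the TOKEN authentication center works abnormally, per-server encrypted fragments, and the second application servers' refusal when the center is on and working) can be simulated in one process. This is an added example, not code from the patent; the class and function names, the dictionary standing in for the URL, and the HMAC-SHA256 stand-in for the unspecified "encryption algorithm A/B/C/D" are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

def _sub(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Stand-in for the patent's unspecified per-application cipher. Illustration only.
    blocks = range(-(-len(data) // 32))
    stream = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest() for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    nonce = os.urandom(16)
    ct = _xor_stream(_sub(key, b"enc"), nonce, plaintext)
    return nonce + ct + hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("not encrypted for this server")
    return _xor_stream(_sub(key, b"enc"), nonce, ct)

class TokenCenter:
    def __init__(self, app_keys):
        self.app_keys, self.tokens = app_keys, {}
        self.enabled, self.healthy = True, True  # state information on/off; working normally

    def issue(self, token, app_id, credential, expires_at):
        self.tokens[token] = (app_id, credential, expires_at)

    def authenticate(self, token, app_id, now):
        if not (self.enabled and self.healthy):
            raise ConnectionError("TOKEN authentication center unreachable")
        bound_app, credential, expires_at = self.tokens.get(token, (None, b"", 0))
        if bound_app != app_id or now > expires_at:
            raise PermissionError("TOKEN unknown, expired, or bound to another application")
        return seal(self.app_keys[app_id], credential)  # encrypted for this application only

class SecondAppServer:
    def __init__(self, key, center):
        self.key, self.center = key, center

    def release_fragment(self, encrypted_fragment):
        # Anti-bypass gate: the server determines the center's state itself
        # (simulated by reading the object; a real health probe is assumed).
        if self.center.enabled and self.center.healthy:
            raise PermissionError("abnormal request: TOKEN center is on and working")
        return unseal(self.key, encrypted_fragment)

def build_url(center, token, app_id, credential, peer_keys, now, ttl=300):
    # SSO side: register the TOKEN, split the credential equally, encrypt one fragment per peer.
    center.issue(token, app_id, credential, now + ttl)
    size = -(-len(credential) // len(peer_keys))
    pieces = [credential[i * size:(i + 1) * size] for i in range(len(peer_keys))]
    return {"token": token, "state": "on" if center.enabled else "off", "ttl": ttl,
            "fragments": [seal(k, p) for k, p in zip(peer_keys, pieces)]}

class FirstAppServer:
    def __init__(self, app_id, key, center, peers):
        self.app_id, self.key, self.center, self.peers = app_id, key, center, peers

    def login(self, url, now):
        if url["state"] == "on":
            try:
                blob = self.center.authenticate(url["token"], self.app_id, now)
                return unseal(self.key, blob), "central"
            except ConnectionError:
                pass  # abnormal operation: switch to the second authentication request
        parts = [p.release_fragment(f) for p, f in zip(self.peers, url["fragments"])]
        return b"".join(parts), "distributed"  # splice the N fragments

def _attempt(server, url, now):
    try:
        return server.login(url, now)
    except PermissionError:
        return "refused"

def demo():
    cred = b"uid=1001;role=operator"  # constructed sample credential
    keys = {name: os.urandom(32) for name in "ABCD"}
    peer_keys = [keys[n] for n in "BCD"]
    center = TokenCenter({"A": keys["A"]})
    app_a = FirstAppServer("A", keys["A"], center, [SecondAppServer(k, center) for k in peer_keys])
    url = build_url(center, "tok-1", "A", cred, peer_keys, now=1000)
    out = {"central": _attempt(app_a, url, 1100),
           "forged_off": _attempt(app_a, dict(url, state="off"), 1100),  # state flag altered
           "expired": _attempt(app_a, url, 1301)}
    center.healthy = False  # e.g. service response timeout
    out["fallback"] = _attempt(app_a, url, 1100)
    center.healthy, center.enabled = True, False
    out["off"] = _attempt(app_a, build_url(center, "tok-2", "A", cred, peer_keys, now=2000), 2100)
    return out

if __name__ == "__main__":
    print(demo())
```

The distributed path in this sketch performs no validity-period check, because the page describes that check only for the TOKEN authentication center; the encrypted fragments carried in a URL therefore stay usable whenever the center is off or abnormal. An expired or mismatched TOKEN is refused outright rather than triggering the fallback, since only abnormal operation of the center switches the mode.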
It should be noted that the authentication method is implemented based on an authentication system. The first application server is used as an execution main body of the authentication method and can be used for realizing the authentication method. Specific functions and technical effects thereof can be found in the method embodiment, and are not described herein.
In order to facilitate understanding of the authentication method provided in the above embodiment, the authentication method is described in the following in a specific embodiment. Fig. 5 shows a flow chart of an embodiment of a scenario of the authentication method described above.
As shown in fig. 5, in this embodiment of the present scenario, the SSO authentication center generates a URL in response to a trigger of the terminal for the first application server, and returns the URL to the terminal, and the terminal initiates an access request to the first application server according to the URL.
The first application server receives the access request sent by the terminal and selects whether to initiate a center authentication request to the TOKEN authentication center or initiate distributed authentication requests to N second application servers according to the situation.
When the first application server initiates a center authentication request to the TOKEN authentication center, the TOKEN authentication center responds to the authentication request and returns an authentication result to the first application server, and the first application server acquires a user credential according to the authentication result.
Alternatively, when the first application server initiates distributed authentication requests to the N second application servers, the N second application servers respond to the authentication requests and return authentication results to the first application server, and the first application server acquires the user credential according to the authentication results.
The first application server identifies the user information of the terminal according to the acquired user credentials, and returns the login verification result to the terminal so as to complete the login of the terminal.
Based on the authentication method provided by the embodiment, the application also provides an embodiment of an authentication device.
Fig. 6 is a schematic structural diagram of an authentication device according to another embodiment of the present application, and for convenience of explanation, only a portion related to the embodiment of the present application is shown.
Referring to fig. 6, the authentication apparatus may include:
the receiving module 601 may be configured to receive an access request of a terminal, where the access request is initiated according to a URL generated by an SSO authentication center, and the URL includes TOKEN and status information of a TOKEN authentication center corresponding to the TOKEN, where the status information is used to indicate opening or closing of the TOKEN authentication center;
the first sending module 602 may be configured to send a first authentication request corresponding to the state information to a target authentication center in response to the access request, where the target authentication center is a TOKEN authentication center when the state information is on, and N second application servers when the state information is off, and N is an integer greater than 1;
the first obtaining module 603 may be configured to obtain, according to an authentication result returned by the target authentication center in response to the first authentication request, a user credential, where the user credential is used to identify user information of the terminal to complete login.
Optionally, in an embodiment, in a case that the target authentication center is a TOKEN authentication center, the authentication apparatus may further include:
the second initiating module can be used for initiating second authentication requests to N second application servers under the condition that the TOKEN authentication center works abnormally;
and the second acquisition module can be used for acquiring the user credential according to authentication results returned by the N second application servers in response to the second authentication request.
Optionally, in an embodiment, in a case where the target authentication center is a TOKEN authentication center, the URL may further include the authentication validity period of the TOKEN, and the first obtaining module 603 may include:
the first acquisition unit can be used for acquiring the user encryption credential sent by the TOKEN authentication center within the authentication validity period;
and the decryption unit can be used for decrypting the user encryption credential according to a preset decryption algorithm so as to obtain the user credential.
Optionally, in an embodiment, in a case that the target authentication center is N second application servers, the URL further includes N pieces of user encryption credentials, and the first obtaining module 603 may include:
the second obtaining unit can be used for receiving N user credential fragments sent by N second application servers, and the N user credential fragments are obtained by decrypting the N user encryption credential fragments in a one-to-one correspondence mode based on the N second application servers;
the first splicing unit can be used for splicing the N user credential fragments to obtain the user credential.
Optionally, in one embodiment, the URL further includes N pieces of user encryption credentials, and the second obtaining module may include:
the third obtaining unit can be used for receiving N user credential fragments sent by N second application servers, and the N user credential fragments are obtained by decrypting the N user encryption credential fragments in a one-to-one correspondence mode based on the N second application servers;
and the second splicing unit can be used for splicing the N user credential fragments to obtain the user credential.
Optionally, in an embodiment, the N user credential fragments may be obtained by the N second application servers decrypting the N user encryption credential fragments in one-to-one correspondence when the state information of the TOKEN authentication center is off and/or the TOKEN authentication center works abnormally.
It should be noted that the information interaction and execution processes between the above devices/units are based on the same conception as the method embodiments of the present application; the device corresponds to the authentication method, all implementations in the above method embodiments apply to the device embodiment, and the specific functions and technical effects can be found in the method embodiment section and are not repeated here.
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-described division of the functional units and modules is illustrated, and in practical application, the above-described functional distribution may be performed by different functional units and modules according to needs, i.e. the internal structure of the apparatus is divided into different functional units or modules to perform all or part of the above-described functions. The functional units and modules in the embodiment may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit, where the integrated units may be implemented in a form of hardware or a form of a software functional unit. In addition, specific names of the functional units and modules are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present application. The specific working process of the units and modules in the above system may refer to the corresponding process in the foregoing method embodiment, which is not described herein again.
Fig. 7 is a schematic hardware structure of an electronic device according to another embodiment of the present application.
The device may include a processor 701 and a memory 702 storing computer program instructions.
The steps of any of the various method embodiments described above are implemented when the processor 701 executes a computer program.
By way of example, a computer program may be partitioned into one or more modules/units that are stored in the memory 702 and executed by the processor 701 to complete the present application. One or more of the modules/units may be a series of computer program instruction segments capable of performing specific functions to describe the execution of the computer program in the device.
In particular, the processor 701 described above may include a central processing unit (CPU) or an application-specific integrated circuit (ASIC), or may be configured as one or more integrated circuits implementing embodiments of the present application.
Memory 702 may include mass storage for data or instructions. By way of example, and not limitation, memory 702 may comprise a hard disk drive (HDD), floppy disk drive, flash memory, optical disk, magneto-optical disk, magnetic tape, or Universal Serial Bus (USB) drive, or a combination of two or more of the foregoing. The memory 702 may include removable or non-removable (or fixed) media, where appropriate. Memory 702 may be internal or external to the integrated gateway disaster recovery device, where appropriate. In a particular embodiment, the memory 702 is a non-volatile solid state memory.
The memory may include read-only memory (ROM), random access memory (RAM), magnetic disk storage media devices, optical storage media devices, flash memory devices, electrical, optical, or other physical/tangible memory storage devices. Thus, in general, the memory includes one or more tangible (non-transitory) computer-readable storage media (e.g., memory devices) encoded with software comprising computer-executable instructions and when the software is executed (e.g., by one or more processors) it is operable to perform the operations described with reference to methods in accordance with aspects of the present disclosure.
The processor 701 implements any of the methods of the above embodiments by reading and executing computer program instructions stored in the memory 702.
In one example, the electronic device may also include a communication interface 703 and a bus 710. The processor 701, the memory 702, and the communication interface 703 are connected via a bus 710 and communicate with each other.
The communication interface 703 is mainly used for implementing communication between each module, device, unit and/or apparatus in the embodiments of the present application.
Bus 710 includes hardware, software, or both that couple the components of the online data flow billing device to each other. By way of example, and not limitation, the buses may include an Accelerated Graphics Port (AGP) or other graphics bus, an Enhanced Industry Standard Architecture (EISA) bus, a Front Side Bus (FSB), a HyperTransport (HT) interconnect, an Industry Standard Architecture (ISA) bus, an InfiniBand interconnect, a Low Pin Count (LPC) bus, a memory bus, a Micro Channel Architecture (MCA) bus, a Peripheral Component Interconnect (PCI) bus, a PCI-Express (PCI-X) bus, a Serial Advanced Technology Attachment (SATA) bus, a video electronics standards association local (VLB) bus, or other suitable bus, or a combination of two or more of the above. Bus 710 may include one or more buses, where appropriate. Although embodiments of the present application describe and illustrate a particular bus, the present application contemplates any suitable bus or interconnect.
In addition, in combination with the method in the above embodiment, the embodiment of the application may be implemented by providing a computer storage medium. The computer storage medium has stored thereon computer program instructions; which when executed by a processor, performs any of the methods of the above embodiments.
It should be clear that the present application is not limited to the particular arrangements and processes described above and illustrated in the drawings. For the sake of brevity, a detailed description of known methods is omitted here. In the above embodiments, several specific steps are described and shown as examples. However, the method processes of the present application are not limited to the specific steps described and illustrated, and those skilled in the art can make various changes, modifications, and additions, or change the order between steps, after appreciating the spirit of the present application.
The functional blocks shown in the above-described structural block diagrams may be implemented in hardware, software, firmware, or a combination thereof. When implemented in hardware, it may be, for example, an electronic circuit, an Application Specific Integrated Circuit (ASIC), suitable firmware, a plug-in, a function card, or the like. When implemented in software, the elements of the present application are the programs or code segments used to perform the required tasks. The program or code segments may be stored in a machine readable medium or transmitted over transmission media or communication links by a data signal carried in a carrier wave. A "machine-readable medium" may include any medium that can store or transfer information. Examples of machine-readable media include electronic circuitry, semiconductor memory devices, ROM, flash memory, erasable ROM (EROM), floppy disks, CD-ROMs, optical disks, hard disks, fiber optic media, radio frequency (RF) links, and the like. The code segments may be downloaded via computer networks such as the Internet, intranets, etc.
It should also be noted that the exemplary embodiments mentioned in this application describe some methods or systems based on a series of steps or devices. However, the present application is not limited to the order of the above-described steps, that is, the steps may be performed in the order mentioned in the embodiments, may be different from the order in the embodiments, or several steps may be performed simultaneously.
Aspects of the present disclosure are described above with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the disclosure. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, enable the implementation of the functions/acts specified in the flowchart and/or block diagram block or blocks. Such a processor may be, but is not limited to being, a general purpose processor, a special purpose processor, an application specific processor, or a field programmable logic circuit. It will also be understood that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware which performs the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In the foregoing, only the specific embodiments of the present application are described, and it will be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working processes of the systems, modules and units described above may refer to the corresponding processes in the foregoing method embodiments, which are not repeated herein. It should be understood that the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive various equivalent modifications or substitutions within the technical scope of the present application, which are intended to be included in the scope of the present application.

Claims (9)

1. The authentication method is characterized by being applied to a first application server in an authentication system, wherein the authentication system further comprises a single sign-on (SSO) authentication center, a TOKEN authentication center and N second application servers, N is an integer greater than 1, and the authentication method comprises the following steps:
receiving an access request of a terminal, wherein the access request is initiated according to a Uniform Resource Locator (URL) generated by the SSO authentication center, the URL comprises a TOKEN and state information of a TOKEN authentication center corresponding to the TOKEN, and the state information is used for indicating the opening or closing of the TOKEN authentication center;
responding to the access request, and initiating a first authentication request corresponding to the state information to a target authentication center, wherein the target authentication center is the TOKEN authentication center when the state information is on, and the target authentication center is the N second application servers when the state information is off;
acquiring a user credential according to an authentication result returned by the target authentication center in response to the first authentication request, wherein the user credential is used for identifying user information of the terminal so as to complete login;
in the case that the target authentication center is the N second application servers, the URL further includes N user encryption credential fragments,
the step of obtaining the user credential according to the authentication result returned by the target authentication center in response to the first authentication request comprises the following steps:
receiving N user credential fragments sent by the N second application servers, wherein the N user credential fragments are obtained by decrypting the N user encryption credential fragments in a one-to-one correspondence manner based on the N second application servers;
and splicing the N user credential fragments to obtain the user credential.
2. The method according to claim 1, wherein in case the target authentication center is the TOKEN authentication center, after the first authentication request corresponding to the status information is initiated to the target authentication center in response to the access request, the method further comprises:
under the condition that the TOKEN authentication center works abnormally, initiating second authentication requests to the N second application servers;
and acquiring user credentials according to authentication results returned by the N second application servers in response to the second authentication requests.
3. The method of claim 1, wherein in the case where the target authentication center is the TOKEN authentication center, the URL further includes an authentication timeliness of the TOKEN,
the step of obtaining the user credential according to the authentication result returned by the target authentication center in response to the first authentication request comprises the following steps:
acquiring a user encryption credential sent by the TOKEN authentication center within the authentication timeliness;
and decrypting the user encryption credential according to a preset decryption algorithm to obtain the user credential.
4. The method of claim 2, wherein the URL further comprises N user encryption credential fragments,
the step of obtaining the user credentials according to the authentication results returned by the N second application servers in response to the second authentication request includes:
receiving N user credential fragments sent by the N second application servers, wherein the N user credential fragments are obtained by decrypting the N user encryption credential fragments in a one-to-one correspondence manner based on the N second application servers;
and splicing the N user credential fragments to obtain the user credential.
5. The method according to claim 1 or 4, wherein the N user credential fragments are decrypted in a one-to-one correspondence based on the N second application servers in case the state information of the TOKEN authentication center is off and/or the TOKEN authentication center is working abnormally.
6. An authentication system, the system comprising:
the SSO authentication center is used for generating a URL according to the received terminal input information and sending the URL to the terminal, wherein the terminal input information is information generated by receiving user input by the terminal, and the URL comprises TOKEN, state information of the TOKEN authentication center corresponding to the TOKEN, authentication timeliness of the TOKEN and N user encryption credential fragments;
a first application server for implementing the authentication method according to any one of claims 1-5;
the TOKEN authentication center is used for receiving an authentication request initiated by the first application server and responding to the authentication request to return an authentication result to the first application server;
N second application servers for receiving the authentication request initiated by the first application server and responding to the authentication request, returning the authentication result to the first application server,
wherein N is an integer greater than 1.
7. An authentication device, the device comprising:
the receiving module is used for receiving an access request of the terminal, wherein the access request is initiated according to a Uniform Resource Locator (URL) generated by the SSO authentication center, the URL comprises a TOKEN and state information of the TOKEN authentication center corresponding to the TOKEN, and the state information is used for indicating the opening or closing of the TOKEN authentication center;
the first sending module is used for responding to the access request and sending a first authentication request corresponding to the state information to a target authentication center, wherein the target authentication center is the TOKEN authentication center when the state information is on, the target authentication center is N second application servers when the state information is off, and N is an integer larger than 1;
the first acquisition module is used for acquiring a user credential according to an authentication result returned by the target authentication center in response to the first authentication request, wherein the user credential is used for identifying user information of the terminal so as to complete login;
in the case that the target authentication center is N second application servers, the URL further includes N user encryption credential fragments, and the first obtaining module may include:
the second acquisition unit is used for receiving N user credential fragments sent by N second application servers, and the N user credential fragments are obtained by decrypting the N user encryption credential fragments in a one-to-one correspondence mode based on the N second application servers;
and the first splicing unit is used for splicing the N user credential fragments to obtain the user credential.
8. An electronic device, the device comprising: a processor and a memory storing computer program instructions;
the processor, when executing the computer program instructions, implements the method of any of claims 1-5.
9. A computer storage medium having stored thereon computer program instructions which, when executed by a processor, implement the method of any of claims 1-5.
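The routing in claims 1 to 5, as an added Python sketch that is not part of the patent: the first application server reads the state flag from the URL, asks the TOKEN authentication center when it is on, and otherwise (or when the center fails) has each of the N second application servers decrypt its own fragment before splicing. The dict standing in for the URL, every function name, the keys, the center's own expiry record, and the hash-based stand-in for the unspecified "preset decryption algorithm" are assumptions; a deployment would use a standard AEAD such as AES-GCM.

```python
import hashlib, hmac, os

def _stream(key, nonce, n):
    # Stand-in keystream: the claims only say "preset decryption algorithm".
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range(n // 32 + 1))[:n]

def seal(key, data):
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def issue_url(token, state, expires_at, credential, server_keys):
    # SSO authentication center: one sealed fragment per second application server.
    size = -(-len(credential) // len(server_keys))  # ceiling division
    frags = [seal(k, credential[i * size:(i + 1) * size]) for i, k in enumerate(server_keys)]
    return {"token": token, "state": state, "expires_at": expires_at, "fragments": frags}

def make_token_center(app_key, credential, issued, up=True):
    # TOKEN authentication center; `issued` (token -> expiry) is its own record.
    def center(url, now):
        if not up:
            raise ConnectionError("TOKEN authentication center not responding")
        if now > issued.get(url["token"], -1):
            raise PermissionError("TOKEN unknown or outside its authentication timeliness")
        return seal(app_key, credential)
    return center

def make_second_server(key):
    # Second application server: decrypts only the fragment sealed under its key.
    return lambda fragment: unseal(key, fragment)

def login(url, now, app_key, center, second_servers):
    # First application server: route on the state flag, fall back if the center fails.
    if url["state"] == "on":
        try:
            return unseal(app_key, center(url, now))
        except ConnectionError:
            pass  # claim 2: TOKEN center abnormal, ask the N second servers
    if len(url["fragments"]) != len(second_servers):
        raise ValueError("expected one fragment per second application server")
    return b"".join(srv(f) for srv, f in zip(second_servers, url["fragments"]))
```

In this sketch an expired TOKEN ends the login instead of falling through to the fragment path, and a fragment altered in transit is rejected rather than spliced into a corrupted credential.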
CN202110408848.8A 2021-04-16 2021-04-16 Authentication method, system, device, equipment and computer storage medium Active CN115225293B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110408848.8A CN115225293B (en) 2021-04-16 2021-04-16 Authentication method, system, device, equipment and computer storage medium

Publications (2)

Publication Number Publication Date
CN115225293A CN115225293A (en) 2022-10-21
CN115225293B CN115225293B (en) 2024-03-08

Family

ID=83605392

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110408848.8A Active CN115225293B (en) 2021-04-16 2021-04-16 Authentication method, system, device, equipment and computer storage medium

Country Status (1)

Country Link
CN (1) CN115225293B (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101546453A (en) * 2008-03-25 2009-09-30 海尔集团公司 Method and device for authenticating IC card
CN101674285A (en) * 2008-09-08 2010-03-17 中兴通讯股份有限公司 Single sign-on system and method thereof
CN101771537A (en) * 2008-12-26 2010-07-07 中国移动通信集团公司 Processing method and certificating method for distribution type certificating system and certificates of certification thereof
CN105282105A (en) * 2014-07-03 2016-01-27 中兴通讯股份有限公司 Distributed security authentication method of cluster system, device and system
CN107742081A (en) * 2017-09-04 2018-02-27 京江南数娱(北京)科技有限公司 Encryption and decryption approaches, device, storage medium and processor
CN110036615A (en) * 2017-04-18 2019-07-19 谷歌有限责任公司 Via parameter devolved authentication information
CN111199036A (en) * 2020-01-06 2020-05-26 北京三快在线科技有限公司 Identity verification method, device and system
US10764752B1 (en) * 2018-08-21 2020-09-01 HYPR Corp. Secure mobile initiated authentication

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8051179B2 (en) * 2006-02-01 2011-11-01 Oracle America, Inc. Distributed session failover

Also Published As

Publication number Publication date
CN115225293A (en) 2022-10-21

Similar Documents

Publication Publication Date Title
US9276753B2 (en) System and method for data authentication among processors
CN109167802B (en) Method, server and terminal for preventing session hijacking
CN105450406A (en) Data processing method and device
CN110659467A (en) Remote user identity authentication method, device, system, terminal and server
KR20200013764A (en) Method for mutual symmetric authentication between first application and second application
US20170041150A1 (en) Device certificate providing apparatus, device certificate providing system, and non-transitory computer readable recording medium which stores device certificate providing program
US11159329B2 (en) Collaborative operating system
US11457363B2 (en) System and method for securing disassociated security credentials
CN104426659A (en) Dynamic password generating method, authentication method, authentication system and corresponding equipment
KR20150045790A (en) Method and Apparatus for authenticating and managing an application using trusted platform module
CN104935435A (en) Login methods, terminal and application server
EP3133791B1 (en) Double authentication system for electronically signed documents
CN114244522A (en) Information protection method and device, electronic equipment and computer readable storage medium
CN111901303A (en) Device authentication method and apparatus, storage medium, and electronic apparatus
CN109451504B (en) Internet of things module authentication method and system
CN114297609A (en) Single sign-on method and device, electronic equipment and computer readable storage medium
CN117118763B (en) Method, device and system for data transmission
KR101799517B1 (en) A authentication server and method thereof
CN115344848B (en) Identification acquisition method, device, equipment and computer readable storage medium
US9900300B1 (en) Protection against unauthorized cloning of electronic devices
CN115225293B (en) Authentication method, system, device, equipment and computer storage medium
CN116684156A (en) Password-free login authentication method, device, equipment, medium and product
CN106961417B (en) Identity verification method based on ciphertext
CN111338841A (en) Data processing method, device, equipment and storage medium
CN114389793B (en) Method, device, equipment and computer storage medium for verifying session key

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant