CN115225299B - User authentication method, server and system - Google Patents
User authentication method, server and system Download PDFInfo
- Publication number
- CN115225299B CN115225299B CN202110420384.2A CN202110420384A CN115225299B CN 115225299 B CN115225299 B CN 115225299B CN 202110420384 A CN202110420384 A CN 202110420384A CN 115225299 B CN115225299 B CN 115225299B
- Authority
- CN
- China
- Prior art keywords
- user
- authentication
- identity
- identity authentication
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y04—INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
- Y04S—SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
- Y04S40/00—Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
- Y04S40/20—Information technology specific aspects, e.g. CAD, simulation, modelling, system security
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The application discloses a user authentication method, a server and a system, wherein the method comprises the following steps: setting an authentication module corresponding to the target computing cluster; acquiring authentication request information sent by a user authentication terminal, wherein the authentication request information comprises account type and identity authentication information; determining an identity authentication source corresponding to the user according to the account type; under the condition that the identity authentication source is a target computing cluster, sending identity authentication information to the identity authentication source according to the authentication module so as to perform identity authentication; and under the condition that the identity authentication is successful, generating and returning an identity token to the user authentication end so that the user authentication end can access the high-performance computing service environment according to the identity token. According to the method and the device, on the premise that the original infrastructure is not changed, a user can quickly log in a high-performance computing service environment by adopting an original account; the login accuracy is improved; and the working efficiency of the user is obviously improved, the complexity of operation is reduced, and the experience of the user is greatly improved.
Description
Technical Field
The present disclosure relates to the field of information security technologies, and in particular, to a user authentication method, a server, and a system.
Background
High performance computing service environments are an important means of technological innovation, capable of providing a variety of specialized software, and large computing servers. The current high-performance computing service environment already covers a plurality of large-scale computing nodes, provides convenient computing services for users, and then more computing nodes can be added into the environment.
With the development of science and technology, the number and variety of computing nodes and externally supported application communities and service platforms of the high-performance computing service environment aggregate are increasing. Users of computing nodes and application communities and business platforms want to directly log in to access a high performance computing service environment using a primary account number. In the prior art, when a user logs in to access a high-performance computing service environment, authentication is required to be performed respectively for different computing nodes, so that the efficiency is low, the computing amount is large, and the user operation is complicated; when a user of the computing cluster logs in to access the cluster, a complex password needs to be input in an execution interface, and the defects of troublesome operation, incapability of realizing visualization and easiness in error exist.
In the prior art, although some methods supporting third party authentication exist, because of the specificity of the computing cluster, the computing cluster cannot directly use the existing third party authentication method to log in to access the high-performance computing service environment.
Disclosure of Invention
The embodiment of the application provides a user authentication method, a server and a system, so as to provide a convenient method for a user to quickly log in a high-performance computing service environment by adopting a primary account.
The embodiment of the application adopts the following technical scheme:
according to an aspect of the present application, there is provided a user authentication method performed by a user authentication server, including:
setting an authentication module corresponding to a target computing cluster, wherein the target computing cluster is a computing cluster accessed to a user authentication system;
acquiring authentication request information sent by a user authentication end, wherein the authentication request information comprises account type and identity authentication information of a user;
determining an identity authentication source corresponding to the user according to the account type;
under the condition that the identity authentication source is a target computing cluster, sending identity authentication information to the identity authentication source according to the authentication module so as to perform identity authentication;
and under the condition that the identity authentication is successful, generating and returning an identity token to the user authentication end so that the user authentication end can access the high-performance computing service environment according to the identity token.
Optionally, in the above method, setting an authentication module corresponding to the target computing cluster includes:
Setting an authentication interface corresponding to the target computing cluster, so that the interface can package the received identity authentication information into an authentication information format supported by the target computing cluster;
sending the identity authentication information to the identity authentication source according to the authentication module to perform identity authentication comprises:
the identity authentication information is packaged through the authentication interface, and the packaged identity authentication information is sent to the cluster terminal of the target computing cluster, so that the cluster terminal sends the packaged identity authentication information to the identity authentication source to perform identity authentication.
Optionally, in the above method, setting an authentication module corresponding to the target computing cluster includes:
setting an analog terminal corresponding to a cluster terminal of a target computing cluster;
sending the identity authentication information to the identity authentication source according to the authentication module to perform identity authentication comprises:
and encapsulating the identity authentication information into an authentication information format supported by the target computing cluster by using the analog terminal, and transmitting the encapsulated identity authentication information to an identity authentication source to perform identity authentication.
Optionally, in the above method, the obtaining authentication request information sent by the user authentication end includes:
providing a front-end page for the user authentication end, and receiving authentication request information sent by the user authentication end through the front-end page;
The front-end page comprises an account type control and an identity authentication information input control;
the selectable items of the account type control are configured according to the applications and/or computing clusters supported by the user authentication system;
the identity authentication information input control is configured with an input verification rule.
Optionally, in the above method, determining, according to the account type, an identity authentication source corresponding to the user includes:
acquiring network environment information of a user authentication end under the condition that the account type is a computing cluster type;
identifying a computing cluster corresponding to the user authentication end according to the network environment information;
and taking the identified identity authentication source of the computing cluster as the identity authentication source corresponding to the user.
Optionally, the method further comprises:
if the computing cluster corresponding to the user authentication end cannot be identified according to the network environment information, the authentication failure information is returned to the user authentication end.
Optionally, the method further comprises:
judging whether the user is a registered user in the user authentication system according to the authentication request information;
if the user is not the registered user, acquiring user registration information;
and registering the user in the user authentication system according to the user registration information.
Optionally, in the above method, determining whether the user is a registered user in the user authentication system according to the authentication request information includes:
searching in a registered user list of an identity authentication source corresponding to the user according to the user name in the identity authentication information;
if the user is able to be retrieved, the user is a registered user in the user authentication system, otherwise, the user is not a registered user in the user authentication system.
Optionally, the method further comprises:
under the condition that the identity authentication source is the self authentication source of the user authentication system, authenticating the identity authentication information based on the LDAP protocol;
and under the condition that the identity authentication source is a third party application, the identity authentication information is sent to the identity authentication source through an OAuth2 protocol so as to carry out identity authentication.
According to another aspect of the present application, there is provided a user authentication server for implementing any of the methods described above.
According to still another aspect of the present application, there is provided a user authentication system, including the user authentication server as described above, and a plurality of user authentication ends;
the user authentication end is used for sending user authentication information to the user authentication server and receiving an identity token returned by the user authentication server; and accessing the high performance computing service environment based on the identity token.
The above-mentioned at least one technical scheme that this application embodiment adopted can reach following beneficial effect:
according to the method, the authentication module corresponding to the target computing clusters is constructed, the authentication module is linked with the user authentication end where the user is located and the identity authentication sources of the target computing clusters, user information of different sources is distributed to the corresponding identity authentication sources for authentication, so that the users of different computing clusters can quickly log in and access to the high-performance computing service environment by adopting the original identity account information at the user authentication end, and under the premise of not changing the original infrastructure, the users of the computing clusters can quickly log in to the high-performance computing service environment without writing complicated passwords or applying new accounts; the login accuracy is improved; and the working efficiency of the user is obviously improved, the complexity of operation is reduced, and the experience of the user is greatly improved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiments of the application and together with the description serve to explain the application and do not constitute an undue limitation to the application. In the drawings:
FIG. 1 is a flow chart of a user authentication method according to one embodiment of the present application;
FIG. 2 is a schematic diagram of a user authentication system according to one embodiment of the present application;
FIG. 3 is a schematic diagram of a user authentication system according to another embodiment of the present application;
FIG. 4 is a flow chart of a user authentication method according to another embodiment of the present application;
fig. 5 is a schematic diagram of the structure of a user authentication server according to an embodiment of the present application;
fig. 6 is a schematic structural diagram of an electronic device in an embodiment of the present application.
Detailed Description
For the purposes, technical solutions and advantages of the present application, the technical solutions of the present application will be clearly and completely described below with reference to specific embodiments of the present application and corresponding drawings. It will be apparent that the described embodiments are only some, but not all, of the embodiments of the present application. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present disclosure, are within the scope of the present disclosure.
The following describes in detail the technical solutions provided by the embodiments of the present application with reference to the accompanying drawings.
The high-performance computing service environment is a platform for comprehensively managing and using national high-quality computing resources, can provide hardware services with strong computing power on one hand, and can provide rich software such as open source software, business software and autonomously developed software on the other hand, and relates to the fields of quantum chemistry, molecular simulation, high-energy physics, bioscience and the like.
With the development of high-performance computing service environments, the computing nodes and supported application communities and service platforms of the high-performance computing service environments aggregate more and more. In the prior art, when a user of a computing cluster logs in to access a high-performance computing service environment, a complex password is required to be input in an execution interface, the operation is complex, and errors are easy to occur; users of third party applications such as application communities or service platforms need to reapply accounts in a high-performance computing service environment, so that the number of accounts of one user is large, and the users are easy to forget and confuse. In order to improve the use feeling of users, the application aims to provide a unified authentication method, so that the users of the computing clusters can use the original account numbers to quickly and conveniently log in to access a high-performance computing service environment, and the use feeling of the users is obviously improved.
Fig. 1 shows a flow chart of a user authentication method according to an embodiment of the present application, and as can be seen from fig. 1, the method is performed by a user authentication server, and includes at least steps S110 to S150:
step S110: and setting an authentication module corresponding to a target computing cluster, wherein the target computing cluster is a computing cluster accessed to a user authentication system.
Computing clusters include, but are not limited to, large computing centers where high performance computing service environments have been aggregated. The computing clusters are typically used in the following manner: user authentication is carried out through the cluster terminal, and after the authentication is passed, the computing task is submitted through the cluster terminal.
The special feature of the computing clusters is that the cluster terminals are not realized through a browser architecture, the cluster terminals do not have a visual login interface for each computing cluster, users of each computing cluster can log in only through execution sentences, the operation is complex, errors are easy to occur, and user authentication of the cluster terminals cannot be unified with user authentication of other computing nodes simply.
For the above characteristics of the computing cluster, the design of the embodiments of the present application is that, first, an authentication module corresponding to the target computing cluster is established, where the authentication module is set on a user authentication server, and is used to implement authentication communication with the target computing cluster. Therefore, the difficulty that the user authentication end of the browser architecture cannot directly establish authentication communication with the target computing cluster is solved.
It should be noted that, the applicable object of the method is a user of a computing cluster which has been accessed into a high-performance computing service environment, and for the computing cluster which has not been added into the high-performance computing service environment, before accessing the high-performance computing service environment, the user needs to aggregate into the high-performance computing service environment first, and after adding into the high-performance computing service environment, a corresponding authentication module is set.
Step S120: and acquiring authentication request information sent by a user authentication end, wherein the authentication request information comprises the account type and identity authentication information of the user.
The user logs in by using the user information filled in a user login interface of the user authentication end, the user authentication end generates authentication request information according to the user information, and the user authentication end sends the authentication request information to the user authentication server. The authentication request information at least comprises account types and identity authentication information of the user, wherein the account types of the user are set differently according to different target computing clusters, and the account types can specifically represent which computing cluster the target computing cluster is, for example, an A large computing center corresponds to the A account type, a B large computing center corresponds to the B account type, and a C large computing center corresponds to the C account type. After one computing cluster is accessed to the high-performance computing user authentication service, a specific corresponding account type is set for the computing cluster, and the user selects or fills in according to the computing cluster where the user is located.
The identity authentication information includes, but is not limited to, a user name and a password, where it is to be noted that the identity authentication information, such as the user name and the password, is original to the user, in the account management system of the respective computing cluster, and may be referred to as, for example, the original user name and the original password, without re-application.
Step S130: and determining an identity authentication source corresponding to the user according to the account type.
For the identity authentication of the user is performed by the identity authentication source of the computing cluster where the user is located, the identity authentication source includes but is not limited to an account management system of the computing cluster, and because the account type can specifically characterize which computing node the target computing cluster is, which computing cluster the identity authentication source of a certain user is can be determined according to the account type.
If the account number type filled in by a user is the A account number type, determining that the identity authentication source of the user is an A large-scale computing center; and if the account number type filled in by the user is the B account number type, determining that the identity authentication source of the user is the B large-scale computing center.
Step S140: and under the condition that the identity authentication source is a target computing cluster, sending identity authentication information to the identity authentication source according to the authentication module so as to carry out identity authentication.
Taking the target computing cluster as an A large computing center as an example, when the identity authentication source is the A large computing center, the authentication module sends the identity authentication information of the user to the A large computing center so that the A large computing center authenticates the received identity authentication information of the user. The transmission may be direct or indirect via another relay path.
Step S150: and under the condition that the identity authentication is successful, generating and returning an identity token to the user authentication end so that the user authentication end can access the high-performance computing service environment according to the identity token.
Under the condition that the identity authentication is successful, the user is authorized, specifically, after receiving the message that the identity authentication is successful, the user authentication server generates an identity Token (Token) and returns the identity Token to the user authentication end, and the user authentication end can access the high-performance computing service environment according to the identity Token and utilize resources in the high-performance computing service environment, including but not limited to hardware resources and software resources.
The Token may be a string of characters generated by the user authentication server, and when the user authentication end logs in, the user authentication server generates a Token and returns the Token to the user authentication end, and then the user authentication end can access the high-performance computing service environment only by carrying the Token.
As can be seen from the method shown in fig. 1, the authentication module of the target computing cluster is constructed, the authentication module is linked with the user authentication end where the user is located and the identity authentication sources of each target computing cluster, and the user information of different sources is distributed to the corresponding identity authentication sources for authentication, so that the computing cluster can quickly log in and access to the high-performance computing service environment by adopting the original identity account information at the user authentication end, and under the premise of not changing the original infrastructure, the user of the computing cluster can quickly log in the high-performance computing service environment without writing a complicated password or applying a new account; the login accuracy is improved; and the working efficiency of the user is obviously improved, the complexity of operation is reduced, and the experience of the user is greatly improved.
In some embodiments of the present application, in the above method, setting an authentication module corresponding to the target computing cluster includes: and setting an authentication interface corresponding to the target computing cluster, so that the authentication interface can package the received identity authentication information into an authentication information format supported by the target computing cluster. Sending identity authentication information to the identity authentication source according to the authentication module to perform identity authentication comprises: and packaging the identity authentication information through an authentication interface, and sending the packaged identity authentication information to a cluster terminal of a target computing cluster, so that the cluster terminal sends the packaged identity authentication information to the identity authentication source to perform identity authentication.
The authentication module may be disposed on the user authentication server, and the specific form may be, but is not limited to, an authentication interface, where the authentication interface is capable of receiving and converting the identity authentication information, and in particular, receiving the identity authentication information sent by the user authentication end, where the identity authentication information may include, but is not limited to, a user name and a password, and then encapsulating the identity authentication information, and converting the identity authentication information into an authentication information format supported by the target computing cluster during the encapsulation process.
In the step of distributing the identity authentication information, the authentication interface can send the packaged identity authentication information to the cluster terminal of the target computing cluster, and the cluster terminal can be an independent terminal specially set for user authentication at the computing cluster or can be integrated at the user authentication end.
Fig. 2 shows a schematic structural diagram of a user authentication system according to an embodiment of the present application, in which a cluster terminal is an independent terminal specifically set for user authentication at a computing cluster, and as can be seen from fig. 2, the user authentication system 1000 includes: the user authentication server 100 and at least one computing cluster, here denoted as a computing cluster and B computing cluster. The user authentication server 100 comprises an authentication module 110, the authentication module 110 comprising an authentication interface 111. Taking the example of a computing cluster, the a computing cluster 200-1 includes a user authentication end 210-1, a cluster terminal 220-1 and an identity authentication source 230-1, where the cluster terminal 220-1 is communicatively connected to the user authentication end 210-1 and the identity authentication source 230-1, respectively.
The user authentication server 100 is communicatively connected to each computing cluster, and specifically, the authentication module 110 is communicatively connected to the user authentication terminal 210-1 and the cluster terminal 220-1, respectively.
The specific flow of performing the above-described user authentication method using the user authentication system shown in fig. 2 can be described as follows:
the user authentication terminal 210-1 receives user information filled in by a user, generates authentication request information according to the user information, and transmits the authentication request information to the authentication interface 111 of the authentication module 110 of the user authentication server 100. The authentication interface 111 analyzes the authentication request information to obtain account type and identity authentication information, and determines which computing cluster is the identity authentication source corresponding to the user according to the account type, which is exemplified by a computing cluster. The authentication interface 111 encapsulates the identity authentication information into an authentication information format supported by the a computing cluster, and sends the encapsulated identity authentication information to the a-cluster terminal 220-1, and the cluster terminal 220-1 sends the encapsulated identity authentication information to the a-identity authentication source 230-1 for identity authentication.
In some embodiments of the present application, setting an authentication module corresponding to a target computing cluster includes: setting an analog terminal corresponding to a cluster terminal of a target computing cluster; sending the identity authentication information to the identity authentication source according to the authentication module to perform identity authentication comprises: and encapsulating the identity authentication information into an authentication information format supported by the target computing cluster by using the analog terminal, and transmitting the encapsulated identity authentication information to an identity authentication source to perform identity authentication.
In order to transfer the calculation amount to the user authentication server, an analog terminal corresponding to the cluster terminal of the target calculation cluster can be arranged on the user authentication server, and the analog terminal can realize all functions of the cluster terminal. In the case of an analog terminal, the encapsulation and distribution of the authentication information is taken care of by the analog terminal.
Fig. 3 shows a schematic structural diagram of a user authentication system according to another embodiment of the present application, in which an analog terminal is provided, and as can be seen from fig. 3, the user authentication system 1000 includes:
the user authentication server 100 and at least one computing cluster, here denoted as a computing cluster and B computing cluster. The user authentication server 100 includes an authentication module 110, and the authentication module 110 includes an analog terminal 112. Taking the example of a computing cluster, the a computing cluster 200-1 includes a user authentication end 210-1, a cluster terminal 220-1 and an identity authentication source 230-1, where the cluster terminal 220-1 is communicatively connected to the user authentication end 210-1 and the identity authentication source 230-1, respectively.
The user authentication server 100 is communicatively connected to each computing cluster, and specifically, the authentication module 110 is communicatively connected to the user authentication terminal 210-1 and the cluster terminal 220-1, respectively.
The specific flow of performing the above-described user authentication method using the user authentication system shown in fig. 3 may be described as follows:
the user authentication terminal 210-1 receives user information filled in by a user, generates authentication request information according to the user information, and transmits the authentication request information to the analog terminal 112 of the authentication module 110 of the user authentication server 100. The analog terminal 112 analyzes the authentication request information to obtain account type and identity authentication information, and determines which computing cluster is the identity authentication source corresponding to the user according to the account type, which is exemplified by a computing cluster. The analog terminal 112 encapsulates the identity authentication information into an authentication information format supported by the a computing cluster, and sends the encapsulated identity authentication information to the a cluster terminal 220-1, and the cluster terminal 220-1 sends the encapsulated identity authentication information to the a identity authentication source 230-1 for identity authentication.
The foregoing embodiments show two specific implementations of the authentication module, in one way, the authentication module does not directly communicate with the identity authentication source, but communicates with the identity authentication source through the original trunking terminal, which appears to be complicated, but the trunking terminal may actually complete identity authentication in this process, that is, in one authentication process, the identity authentication of the user authentication end is implemented, and the identity authentication of the trunking terminal is implemented, so that no matter the user wants to use other applications in the high-performance computing environment through the user authentication end, or wants to use the target computing cluster through the trunking terminal, the identity authentication is not required to be performed again.
In another mode, the authentication module directly communicates with the identity authentication source, and the authentication module actually simulates the identity authentication function of the trunking terminal. In some embodiments, the authentication module may also simulate other functions of the cluster terminal, such as submitting computing tasks to the target computing cluster, etc., but if the user wants to log in to the target computing cluster using the local cluster terminal, the user needs to perform identity authentication again.
In some embodiments of the present application, in the above method, obtaining authentication request information sent by a user authentication end includes: providing a front-end page for the user authentication end, and receiving authentication request information sent by the user authentication end through the front-end page; the front-end page comprises an account type control and an identity authentication information input control; the selectable items of the account type control are configured according to the applications and/or computing clusters supported by the user authentication system; the identity authentication information input control is configured with an input verification rule.
In order to enable a user to fill in information more conveniently, a front-end page can be provided for the user authentication end, so that the visualization operation of logging in to access the high-performance computing service environment can be realized, specifically, information which needs to be filled in or selected by the user can be displayed in the front-end page, at least account type and identity authentication information are displayed, and in the background, the information can be realized through an account type control and an identity authentication information input control, wherein selectable items of the account type control are configured according to applications and/or computing clusters supported by a user authentication system, namely, one application or one cluster corresponds to one selectable item; in order to improve the accuracy of the identity authentication information, the input control may be configured with an input verification rule, so that a user performs verification according to the verification rule.
In some embodiments of the present application, in the above method, determining, according to the account type, an authentication source corresponding to the user includes: acquiring network environment information of a user authentication end under the condition that the account type is a computing cluster type; identifying a computing cluster corresponding to the user authentication end according to the network environment information; and taking the identified identity authentication source of the computing cluster as the identity authentication source corresponding to the user.
In the process of determining the identity authentication source, the identity authentication source may be determined according to the network environment information of the computing clusters, where in general, the network environment information of one computing cluster has an attribute for representing the identity of the computing cluster, for example, the network environment information includes, but is not limited to, a domain name of the computing cluster, an extension of an account number of the computing cluster, and the like, and the computing cluster corresponding to the user authentication end may be determined according to these information. Further, the identity authentication source of the identified computing cluster is used as the identity authentication source corresponding to the user, for example, the account management system of the large-scale computing center A is used as the identity authentication source corresponding to the user.
In some embodiments of the present application, if a computing cluster corresponding to the user authentication end cannot be identified according to the network environment information, authentication failure information is returned to the user authentication end.
That is, if it cannot be determined by the network environment information which computing cluster the user authentication end where the user is belongs to, the source of the user cannot be determined, and further, it cannot be determined to which identity authentication source the identity authentication information of the user is distributed, in which case, authentication failure information is directly returned to the user authentication end.
In some embodiments of the present application, the method further comprises: judging whether the user is a registered user in the user authentication system according to the authentication request information; if the user is not the registered user, acquiring user registration information; and registering the user in the user authentication system according to the user registration information.
A step of verifying whether the user is a registered user may be preceded by authentication of the user's identity, and if so, the preceding and subsequent steps are continued.
This step may also be performed by the authentication source or by the user authentication server, but the purpose of the two is different.
In the case where this step is also performed by the identity authentication source, in some embodiments of the present application, in the above method, determining whether the user is a registered user in the user authentication system according to the authentication request information includes: searching in a registered user list of an identity authentication source corresponding to the user according to the user name in the identity authentication information; if the user is able to be retrieved, the user is a registered user in the user authentication system, otherwise, the user is not a registered user in the user authentication system.
The purpose of the above steps is to verify whether the user is a registered user of the authentication source, and if the user is an unregistered user, the subsequent authentication must not pass, and in order to save the calculation amount, the step may be performed first.
The registered user list is set in the identity authentication source, and the registered user list can be searched according to the user name in the identity authentication information to determine whether the user is the registered user of the identity authentication source, if the user is the registered user of the identity authentication source, the user is further determined to be the registered user in the user authentication system. If the user is not a registered user of the authentication source, indicating that the user is a new user of the authentication source, a registration for the new user is required, the registration comprising assigning a user name and password to the user.
In the case where this step is performed by the user authentication server, the purpose is to determine if a user is first logged into the user accessing the high performance computing service environment. It should be noted here that in this case, the registration does not involve assigning a user name and password to the user, but merely recording the study direction and usage preference of some users, so that the subsequent users are more convenient in using the resources of the high-performance computing service environment.
In some embodiments of the present application, the method further comprises: and under the condition that the identity authentication source is the self authentication source of the user authentication system, authenticating the identity authentication information based on the LDAP protocol. And under the condition that the identity authentication source is a third party application, the identity authentication information is sent to the identity authentication source through an OAuth2 protocol so as to carry out identity authentication.
The users accessing the high performance computing service environment are not limited to users from the computing cluster, but may include users of the user authentication system itself, as well as users of third party applications. Under the condition that the user comes from the self authentication source of the user authentication system, the corresponding identity authentication source of the user is the background authentication service of the user authentication system, at the moment, the authentication is carried out on the identity authentication information based on the LDAP protocol, and the specific authentication method can refer to the prior art.
Under the condition that the user comes from the third party application, the identity authentication source corresponding to the user is the third party application, and at the moment, the identity authentication information can be sent to the third party application through the OAuth2 protocol to carry out identity authentication. Third party applications include, but are not limited to, application communities and business platforms, and the like.
Fig. 4 shows a flow chart of a user authentication method according to another embodiment of the present application, and as can be seen from fig. 4, the embodiment includes steps S410 to S450.
Step S410: and setting an authentication module corresponding to the target computing cluster.
Step S420: and acquiring authentication request information sent by a user authentication end, wherein the authentication request information comprises the account type and identity authentication information of the user.
Step S430: this step includes three sub-steps in parallel.
And determining that the user authentication source corresponding to the user is background authentication service of the user authentication system or a certain computing cluster or a certain third party application according to the account number type of the user.
Step S440: this step includes three sub-steps in parallel.
Under the condition that a user authentication source corresponding to a user is determined to be background authentication service of a user authentication system according to the account type of the user, carrying out identity authentication on the identity authentication information based on LDAP;
under the condition that the user authentication source corresponding to the user is determined to be a certain computing cluster according to the account number type of the user, the identity authentication information is sent to the identity authentication source of the large-scale computing center A so as to carry out identity authentication.
Under the condition that the user authentication source corresponding to the user is determined to be a certain third party application according to the account number type of the user, the identity authentication information is sent to the identity authentication source of the third party user through OAuth2 so as to carry out identity authentication.
Step S450: if the identity authentication is successful, an identity token is returned to the authentication module, so that the authentication module returns the identity token to the user authentication end; if the authentication fails, returning authentication failure information.
Fig. 5 shows a schematic structural diagram of a user authentication server according to an embodiment of the present application, and as can be seen from fig. 5, the user authentication server 100 includes:
the setting unit 510 is configured to set an authentication module corresponding to a target computing cluster, where the target computing cluster is a computing cluster accessed to the user authentication system.
Computing clusters include, but are not limited to, large computing centers where high performance computing service environments have been aggregated. The computing clusters are typically used in the following manner: user authentication is carried out through the cluster terminal, and after the authentication is passed, the computing task is submitted through the cluster terminal.
The special feature of the computing clusters is that the cluster terminals are not realized through a browser architecture, the cluster terminals do not have a visual login interface for each computing cluster, users of each computing cluster can log in only through execution sentences, the operation is complex, errors are easy to occur, and user authentication of the cluster terminals cannot be unified with user authentication of other computing nodes simply.
For the above characteristics of the computing cluster, the design of the embodiments of the present application is that, first, an authentication module corresponding to the target computing cluster is established, where the authentication module is set on a user authentication server, and is used to implement authentication communication with the target computing cluster. Therefore, the difficulty that the user authentication end of the browser architecture cannot directly establish authentication communication with the target computing cluster is solved.
It should be noted that, the applicable object of the method is a user of a computing cluster which has been accessed into a high-performance computing service environment, and for the computing cluster which has not been added into the high-performance computing service environment, before accessing the high-performance computing service environment, the user needs to aggregate into the high-performance computing service environment first, and after adding into the high-performance computing service environment, a corresponding authentication module is set.
The acquiring unit 520 is configured to acquire authentication request information sent by the user authentication end, where the authentication request information includes an account type and identity authentication information of the user.
The user logs in by using the user information filled in a user login interface of the user authentication end, the user authentication end generates authentication request information according to the user information, and the user authentication end sends the authentication request information to the user authentication server. The authentication request information at least comprises account types and identity authentication information of the user, wherein the account types of the user are set differently according to different target computing clusters, and the account types can specifically represent which computing cluster the target computing cluster is, for example, an A large computing center corresponds to the A account type, a B large computing center corresponds to the B account type, and a C large computing center corresponds to the C account type. After one computing cluster is accessed to the high-performance computing user authentication service, a specific corresponding account type is set for the computing cluster, and the user selects or fills in according to the computing cluster where the user is located.
The identity authentication information includes, but is not limited to, a user name and a password, where it is to be noted that the identity authentication information, such as the user name and the password, is original to the user, in the account management system of the respective computing cluster, and may be referred to as, for example, the original user name and the original password, without re-application.
And the determining unit 530 is configured to determine an identity authentication source corresponding to the user according to the account type.
For the identity authentication of the user is performed by the identity authentication source of the computing cluster where the user is located, the identity authentication source includes but is not limited to an account management system of the computing cluster, and because the account type can specifically characterize which computing node the target computing cluster is, which computing cluster the identity authentication source of a certain user is can be determined according to the account type.
If the account number type filled in by a user is the A account number type, determining that the identity authentication source of the user is an A large-scale computing center; and if the account number type filled in by the user is the B account number type, determining that the identity authentication source of the user is the B large-scale computing center.
The distributing unit 540 is configured to send, according to the authentication module, the identity authentication information to the identity authentication source for identity authentication in the case that the identity authentication source is the target computing cluster;
Taking the target computing cluster as an A large computing center as an example, when the identity authentication source is the A large computing center, the authentication module sends the identity authentication information of the user to the A large computing center so that the A large computing center authenticates the received identity authentication information of the user. The transmission may be direct or indirect via another relay path.
Information return unit 550: and under the condition that the identity authentication is successful, generating and returning an identity token to the user authentication end so that the user authentication end can access the high-performance computing service environment according to the identity token.
Under the condition that the identity authentication is successful, the user is authorized, specifically, the user authentication server generates a Token (Token) after receiving the message that the identity authentication is successful, and returns the Token to the user authentication end, and the user authentication end can access the high-performance computing service environment according to the identity Token and utilize resources in the high-performance computing service environment, including but not limited to hardware resources and software resources.
The Token may be a string of characters generated by the user authentication server, and when the user authentication end logs in, the user authentication server generates a Token and returns the Token to the user authentication end, and then the user authentication end can access the high-performance computing service environment only by carrying the Token.
In some embodiments of the present application, in the server, the setting unit 510 is configured to set an authentication interface corresponding to the target computing cluster, so that the interface may encapsulate the received identity authentication information into an authentication information format supported by the target computing cluster; the distributing unit 540 is configured to encapsulate the identity authentication information through the authentication interface, and send the encapsulated identity authentication information to the cluster terminal of the target computing cluster, so that the cluster terminal sends the encapsulated identity authentication information to the identity authentication source to perform identity authentication.
In some embodiments of the present application, in the server, a setting unit 510 is configured to set an analog terminal corresponding to a cluster terminal of the target computing cluster; the distributing unit 540 is configured to package the identity authentication information into an authentication information format supported by the target computing cluster by using the analog terminal, and send the packaged identity authentication information to the identity authentication source for identity authentication.
In some embodiments of the present application, in the server, the obtaining unit 520 is configured to provide a front-end page to the user authentication end, and receive, through the front-end page, authentication request information sent by the user authentication end; the front-end page comprises an account type control and an identity authentication information input control; the selectable items of the account type control are configured according to the applications and/or computing clusters supported by the user authentication system; the identity authentication information input control is configured with an input verification rule.
In some embodiments of the present application, in the server, the determining unit 530 is configured to obtain network environment information of the user authentication end when the account type is a computing cluster type; the computing cluster corresponding to the user authentication end is identified according to the network environment information; and the identity authentication source is used for taking the identified computing cluster as the identity authentication source corresponding to the user.
In some embodiments of the present application, in the server, the determining unit 530 is further configured to return authentication failure information to the user authentication end if a computing cluster corresponding to the user authentication end cannot be identified according to the network environment information.
In some embodiments of the present application, the server further includes a determining unit, configured to determine, according to the authentication request information, whether the user is a registered user in the user authentication system; if the user is not the registered user, acquiring user registration information; and registering the user in the user authentication system according to the user registration information.
In some embodiments of the present application, in the server, the determining unit is configured to search, according to a user name in the identity authentication information, a registered user list of an identity authentication source corresponding to the user; if the user is able to be retrieved, the user is a registered user in the user authentication system, otherwise, the user is not a registered user in the user authentication system.
In some embodiments of the present application, in the server, in a case where the authentication source is an authentication source of the user authentication system itself, authentication is performed on the authentication information based on the LDAP protocol; and the distributing unit 540 is configured to send the identity authentication information to the identity authentication source through OAuth2 protocol to perform identity authentication when the identity authentication source is a third party application.
It can be understood that the above-mentioned user authentication server can implement each step of the user authentication method provided in the foregoing embodiment, and the explanation about the user authentication method is applicable to the user authentication server, which is not repeated herein.
Fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present application. Referring to fig. 6, at the hardware level, the electronic device includes a processor, and optionally an internal bus, a network interface, and a memory. The Memory may include a Memory, such as a Random-Access Memory (RAM), and may further include a non-volatile Memory (non-volatile Memory), such as at least 1 disk Memory. Of course, the electronic device may also include hardware required for other services.
The processor, network interface, and memory may be interconnected by an internal bus, which may be an ISA (Industry Standard Architecture ) bus, a PCI (Peripheral Component Interconnect, peripheral component interconnect standard) bus, or EISA (Extended Industry Standard Architecture ) bus, among others. The buses may be classified as address buses, data buses, control buses, etc. For ease of illustration, only one bi-directional arrow is shown in FIG. 6, but not only one bus or type of bus.
And the memory is used for storing programs. In particular, the program may include program code including computer-operating instructions. The memory may include memory and non-volatile storage and provide instructions and data to the processor.
The processor reads the corresponding computer program from the nonvolatile memory into the memory and then runs, and forms a user authentication server on a logic level. The user authentication servers shown in fig. 6 do not constitute a limitation on the number of user authentication servers. The processor is used for executing the programs stored in the memory and is specifically used for executing the following operations:
Setting an authentication module corresponding to a target computing cluster, wherein the target computing cluster is a computing cluster accessed to a user authentication system;
acquiring authentication request information sent by a user authentication end, wherein the authentication request information comprises account type and identity authentication information of a user;
determining an identity authentication source corresponding to the user according to the account type;
under the condition that the identity authentication source is a target computing cluster, sending identity authentication information to the identity authentication source according to the authentication module so as to perform identity authentication;
and under the condition that the identity authentication is successful, generating and returning an identity token to the user authentication end so that the user authentication end can access the high-performance computing service environment according to the identity token.
The method performed by the user authentication server disclosed in the embodiment shown in fig. 5 of the present application may be applied to a processor or implemented by a processor. The processor may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be performed by integrated logic circuits of hardware in a processor or by instructions in the form of software. The processor may be a general-purpose processor, including a central processing unit (Central Processing Unit, CPU), a network processor (Network Processor, NP), etc.; but also digital signal processors (Digital Signal Processor, DSP), application specific integrated circuits (Application Specific Integrated Circuit, ASIC), field programmable gate arrays (Field-Programmable Gate Array, FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components. The disclosed methods, steps, and logic blocks in the embodiments of the present application may be implemented or performed. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of a method disclosed in connection with the embodiments of the present application may be embodied directly in hardware, in a decoded processor, or in a combination of hardware and software modules in a decoded processor. The software modules may be located in a random access memory, flash memory, read only memory, programmable read only memory, or electrically erasable programmable memory, registers, etc. as well known in the art. The storage medium is located in a memory, and the processor reads the information in the memory and, in combination with its hardware, performs the steps of the above method.
The electronic device may further execute the method executed by the user authentication server in fig. 5, and implement the functions of the embodiment shown in fig. 5, which are not described herein.
The embodiments of the present application also provide a computer readable storage medium storing one or more programs, where the one or more programs include instructions, which when executed by an electronic device that includes a plurality of application programs, enable the electronic device to perform a method performed by a user authentication server in the embodiment shown in fig. 5, and specifically are configured to perform:
setting an authentication module corresponding to a target computing cluster, wherein the target computing cluster is a computing cluster accessed to a user authentication system;
acquiring authentication request information sent by a user authentication end, wherein the authentication request information comprises account type and identity authentication information of a user;
determining an identity authentication source corresponding to the user according to the account type;
under the condition that the identity authentication source is a target computing cluster, sending identity authentication information to the identity authentication source according to the authentication module so as to perform identity authentication;
and under the condition that the identity authentication is successful, generating and returning an identity token to the user authentication end so that the user authentication end can access the high-performance computing service environment according to the identity token.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In one typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, random Access Memory (RAM) and/or nonvolatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of computer-readable media.
Computer readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, phase change memory (PRAM), static Random Access Memory (SRAM), dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), read Only Memory (ROM), electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium, which can be used to store information that can be accessed by a computing device. Computer-readable media, as defined herein, does not include transitory computer-readable media (transmission media), such as modulated data signals and carrier waves.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article or apparatus that comprises the element.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The foregoing is merely exemplary of the present application and is not intended to limit the present application. Various modifications and changes may be made to the present application by those skilled in the art. Any modifications, equivalent substitutions, improvements, etc. which are within the spirit and principles of the present application are intended to be included within the scope of the claims of the present application.
Claims (9)
1. A user authentication method, comprising:
setting an authentication module corresponding to a target computing cluster, wherein the target computing cluster is a computing cluster accessed to a user authentication system;
acquiring authentication request information sent by a user authentication end, wherein the authentication request information comprises account type and identity authentication information of a user;
Determining an identity authentication source corresponding to the user according to the account type;
under the condition that the identity authentication source is a target computing cluster, sending the identity authentication information to the identity authentication source according to the authentication module so as to perform identity authentication;
under the condition that the identity authentication is successful, generating and returning an identity token to the user authentication end so that the user authentication end can access a high-performance computing service environment according to the identity token,
the step of determining the identity authentication source corresponding to the user according to the account type comprises the following steps:
acquiring network environment information of the user authentication end under the condition that the account number type is a computing cluster type;
identifying a computing cluster corresponding to the user authentication end according to the network environment information;
the identity authentication source of the identified computing cluster is used as the identity authentication source corresponding to the user;
determining that a user authentication source corresponding to a user is background authentication service of the user authentication system or a certain computing cluster or a certain third party application according to the account type of the user;
under the condition that a user authentication source corresponding to a user is determined to be background authentication service of a user authentication system according to the account type of the user, carrying out identity authentication on the identity authentication information based on an LDAP protocol;
Under the condition that a user authentication source corresponding to a user is determined to be a certain computing cluster according to the account type of the user, identity authentication information is sent to an identity authentication source of a computing center so as to perform identity authentication;
under the condition that the user authentication source corresponding to the user is determined to be a certain third party application according to the account number type of the user, the identity authentication information is sent to the identity authentication source of the third party user through an OAuth2 protocol so as to carry out identity authentication.
2. The method of claim 1, wherein the setting an authentication module corresponding to the target computing cluster comprises:
setting an authentication interface corresponding to the target computing cluster, so that the interface can package the received identity authentication information into an authentication information format supported by the target computing cluster;
the sending the identity authentication information to the identity authentication source according to the authentication module to perform identity authentication includes:
and packaging the identity authentication information through the authentication interface, and sending the packaged identity authentication information to a cluster terminal of a target computing cluster, so that the cluster terminal sends the packaged identity authentication information to the identity authentication source to perform identity authentication.
3. The method of claim 1, wherein the setting an authentication module corresponding to the target computing cluster comprises:
setting an analog terminal corresponding to a cluster terminal of the target computing cluster;
the sending the identity authentication information to the identity authentication source according to the authentication module to perform identity authentication includes:
and encapsulating the identity authentication information into an authentication information format supported by a target computing cluster by using the simulation terminal, and sending the encapsulated identity authentication information to the identity authentication source to perform identity authentication.
4. The method of claim 1, wherein the obtaining authentication request information sent by the user authentication end includes:
providing a front page for the user authentication end, and receiving authentication request information sent by the user authentication end through the front page;
the front-end page comprises an account type control and an identity authentication information input control;
the selectable items of the account type control are configured according to the applications and/or computing clusters supported by the user authentication system;
the identity authentication information input control is configured with an input check rule.
5. The method according to claim 1, wherein the method further comprises:
And if the computing cluster corresponding to the user authentication end cannot be identified according to the network environment information, returning authentication failure information to the user authentication end.
6. The method according to claim 1, wherein the method further comprises:
judging whether the user is a registered user in a user authentication system according to the authentication request information;
if the user is not a registered user, acquiring user registration information;
and registering the user in the user authentication system according to the user registration information.
7. The method of claim 6, wherein determining whether the user is a registered user in a user authentication system based on the authentication request information comprises:
searching in a registered user list of an identity authentication source corresponding to the user according to the user name in the identity authentication information;
if the user is able to be retrieved, the user is a registered user in the user authentication system, otherwise, the user is not a registered user in the user authentication system.
8. A user authentication server for implementing the method according to any one of claims 1-7.
9. A user authentication system, comprising the user authentication server of claim 8, and a plurality of user authentication terminals;
the user authentication end is used for sending user authentication information to the user authentication server and receiving an identity token returned by the user authentication server; and accessing a high performance computing service environment based on the identity token.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110420384.2A CN115225299B (en) | 2021-04-19 | 2021-04-19 | User authentication method, server and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110420384.2A CN115225299B (en) | 2021-04-19 | 2021-04-19 | User authentication method, server and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115225299A CN115225299A (en) | 2022-10-21 |
| CN115225299B true CN115225299B (en) | 2023-06-27 |
Family
ID=83604296
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110420384.2A Active CN115225299B (en) | 2021-04-19 | 2021-04-19 | User authentication method, server and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115225299B (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106559386A (en) * | 2015-09-25 | 2017-04-05 | 阿里巴巴集团控股有限公司 | A kind of authentication method and device |
| CN108737171A (en) * | 2018-05-10 | 2018-11-02 | 网宿科技股份有限公司 | A kind of method and system of management cloud service cluster |
| CN109067785A (en) * | 2018-09-19 | 2018-12-21 | 新华三大数据技术有限公司 | Cluster authentication method, device |
| CN110620782A (en) * | 2019-09-29 | 2019-12-27 | 深圳市珍爱云信息技术有限公司 | Account authentication method and device, computer equipment and storage medium |
| CN111291340A (en) * | 2020-03-05 | 2020-06-16 | 浪潮通用软件有限公司 | Unified identity authentication management system and method |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6435164B1 (en) * | 2000-12-07 | 2002-08-20 | Ford Global Technologies, Inc. | Fuel weathering method for vehicle evaporative emission system |
| US11055710B2 (en) * | 2013-05-02 | 2021-07-06 | Visa International Service Association | Systems and methods for verifying and processing transactions using virtual currency |
-
2021
- 2021-04-19 CN CN202110420384.2A patent/CN115225299B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106559386A (en) * | 2015-09-25 | 2017-04-05 | 阿里巴巴集团控股有限公司 | A kind of authentication method and device |
| CN108737171A (en) * | 2018-05-10 | 2018-11-02 | 网宿科技股份有限公司 | A kind of method and system of management cloud service cluster |
| CN109067785A (en) * | 2018-09-19 | 2018-12-21 | 新华三大数据技术有限公司 | Cluster authentication method, device |
| CN110620782A (en) * | 2019-09-29 | 2019-12-27 | 深圳市珍爱云信息技术有限公司 | Account authentication method and device, computer equipment and storage medium |
| CN111291340A (en) * | 2020-03-05 | 2020-06-16 | 浪潮通用软件有限公司 | Unified identity authentication management system and method |
Non-Patent Citations (2)
| Title |
|---|
| 《高性能计算环境通用计算平台》;和荣;《信息科技》;全文 * |
| Ali A. Yassin ; Hai Jin ; Ayad Ibrahim ; Deqing Zou.《Anonymous Password Authentication Scheme by Using Digital Signature and Fingerprint in Cloud Computing》.《 2012 Second International Conference on Cloud and Green Computing》.2013,全文. * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN115225299A (en) | 2022-10-21 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10957326B2 (en) | Device identifier dependent operation processing of packet based data communication | |
| CN108306877B (en) | NODE JS-based user identity information verification method and device and storage medium | |
| US9864852B2 (en) | Approaches for providing multi-factor authentication credentials | |
| CN107122296B (en) | Method and apparatus for data assertion for test interface | |
| CN106354481B (en) | Method and equipment for uniformly mapping HTTP (hyper text transport protocol) request | |
| US10362026B2 (en) | Providing multi-factor authentication credentials via device notifications | |
| US9342667B2 (en) | Extended OAuth architecture | |
| US10397051B1 (en) | Configuration and testing of network-based service platform resources using a service platform specific language | |
| CN104346365A (en) | Device and method for determining specific service associated logs | |
| US20190288998A1 (en) | Providing multi-factor authentication credentials via device notifications | |
| JP2018506796A (en) | Data backfill method and system | |
| CN113612686A (en) | Traffic scheduling method and device and electronic equipment | |
| CN111818035A (en) | Permission verification method and device based on API gateway | |
| CN112787986B (en) | Multi-path bidirectional authentication method and device | |
| CN105656979A (en) | Method for processing unstructured message, client, server, and platform | |
| CN111563215B (en) | Method and device for controlling front-end operation authority and related equipment | |
| CN115225299B (en) | User authentication method, server and system | |
| CN117251837A (en) | System access method and device, electronic equipment and storage medium | |
| CN116484338A (en) | Database access method and device | |
| CN109542401B (en) | Web development method and device, storage medium and processor | |
| CN108563514A (en) | Access method, application and the electronic equipment of application configuration service | |
| CA2991067C (en) | Providing multi-factor authentication credentials via device notifications | |
| US10742802B2 (en) | Methods and devices for verifying a communication number | |
| CN109787945B (en) | Method and device for realizing user component in Android system | |
| CN113703996A (en) | Access control method, device and medium based on user and YANG model grouping |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |