CN115776400A - Identity authentication method, device, system and equipment across multiple identity authentication centers

Publication number
CN115776400A
Authority
CN
China
Prior art keywords
federal
authentication
identity information
authentication center
center
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211468996.XA
Other languages
Chinese (zh)
Inventor
薛书武
邱雪峰
章学庭
苏司若
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Langxin Data Technology Co ltd
Original Assignee
Langxin Data Technology Co ltd
Application filed by Langxin Data Technology Co ltd
Priority to CN202211468996.XA
Publication of CN115776400A

Landscapes

  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention provides an identity authentication method, device, system and equipment spanning multiple identity authentication centers. The method comprises: detecting whether target identity information is already logged in at a federal authentication center; if the target identity information is not logged in at the federal authentication center, redirecting to a login page and completing the login of the target identity information through the login page; after the target identity information is logged in, redirecting to the federal authentication center and binding the target identity information with the federal authentication center; and if the target identity information is already logged in at the federal authentication center, acquiring the target identity information from the federal authentication center and completing the login of the target identity information. In this way, when a user logs in to different identity authentication centers, the same target identity information already logged in at another identity authentication center can be retrieved through the federal authentication center, the user no longer has to enter an account and password repeatedly, user information is shared among different identity authentication centers, and the user experience is effectively improved.

Description

Identity authentication method, device, system and equipment across multiple identity authentication centers
Technical Field
The invention relates to the technical field of identity authentication, in particular to an identity authentication method, device, system and equipment spanning multiple identity authentication centers.
Background
As government and enterprise information systems have matured, integrated information system portals have formed at the department or subsidiary level, each with its own identity authentication center. At present, identity authentication centers mostly adopt a single-center, centralized authentication mode; that is, the authentication process across mutually independent identity authentication centers is mainly as follows: first, a user logs in to identity authentication center I and handles the services of identity authentication center I; then, the user logs in to identity authentication center II and handles the services of identity authentication center II.
However, in this identity recognition mode a user has to log in to different identity authentication centers multiple times and manage multiple sets of accounts and passwords, and the user information held in different identity authentication centers is mutually isolated and cannot be effectively linked, which affects the user experience.
Disclosure of Invention
The invention provides an identity authentication method, device, system and equipment spanning multiple identity authentication centers, which are used for solving the defect that user information cannot be intercommunicated among different identity authentication centers in the prior art.
The invention provides an identity authentication method across multiple identity authentication centers, which is applied to an identity authentication center and comprises the following steps:
detecting whether target identity information is already logged in at a federal authentication center;
if the target identity information is not logged in at the federal authentication center, redirecting to a login page, and completing the login of the target identity information through the login page;
after the target identity information is logged in, redirecting to the federal authentication center, and binding the target identity information with the federal authentication center;
and if the target identity information is already logged in at the federal authentication center, acquiring the target identity information from the federal authentication center, and completing the login of the target identity information.
According to the identity authentication method across multiple identity authentication centers provided by the invention, redirecting to the federal authentication center and binding the target identity information with the federal authentication center comprises the following steps:
redirecting to the federal authentication center, and sending a first authorization code to the federal authentication center;
receiving a call request from the federal authentication center for the interface for logging in the target identity information, wherein the call request carries a first federal signature, and the first federal signature is generated by the federal authentication center after checking the first authorization code;
and binding the target identity information with the federal authentication center based on the call request.
According to the identity authentication method across multiple identity authentication centers provided by the invention, acquiring the target identity information from the federal authentication center and completing the login of the target identity information comprises the following steps:
redirecting to the federal authentication center and sending a second authorization code;
receiving and verifying a federal signature ticket sent by the federal authentication center, wherein the federal signature ticket is generated by signing after the federal authentication center checks that the second authorization code is valid;
after the federal signature ticket passes verification, obtaining a token using the federal signature ticket;
and acquiring the target identity information from the federal authentication center based on the token, and completing the login of the target identity information.
According to the identity authentication method across multiple identity authentication centers provided by the invention, before detecting whether the target identity information is already logged in at the federal authentication center, the method further comprises the following steps:
establishing network intercommunication with the federal authentication center through a federal authentication access protocol;
after the network intercommunication is established, redirecting to the address of the federal authentication center;
and receiving login state information from the federal authentication center.
According to the identity authentication method across multiple identity authentication centers provided by the invention, after the target identity information is acquired from the federal authentication center and before the login of the target identity information is completed, the method further comprises the following steps:
sending secondary authentication information to a login interface;
and receiving key information entered by the user in response to the secondary authentication information; if the key information passes the secondary authentication, completing the login of the target identity information, and otherwise the login fails.
The identity authentication method across multiple identity authentication centers provided by the invention further comprises the following steps:
and sending the login time of the target identity information to a federal authentication center for storage and recording.
According to the identity authentication method across multiple identity authentication centers, provided by the invention, the target identity information comprises an identity card number and/or a mobile phone number.
The invention also provides an identity authentication device across multiple identity authentication centers, which is applied to an identity authentication center and comprises the following modules:
a detection module, used for detecting whether target identity information is already logged in at the federal authentication center;
a binding module, used for redirecting to a login page if the target identity information is not logged in at the federal authentication center, and completing the login of the target identity information through the login page; and, after the target identity information is logged in, redirecting to the federal authentication center and binding the target identity information with the federal authentication center;
and an acquisition module, used for acquiring the target identity information from the federal authentication center and completing the login of the target identity information if the target identity information is already logged in at the federal authentication center.
The invention also provides an identity authentication system spanning multiple identity authentication centers, which comprises a federal authentication access protocol, a federal authentication center and at least two identity authentication centers;
the federal authentication access protocol is used for establishing network intercommunication between the federal authentication center and each identity authentication center;
the federal authentication center is used for realizing data interaction among different identity authentication centers;
the identity authentication center is used for detecting whether target identity information is already logged in at the federal authentication center; if the target identity information is not logged in at the federal authentication center, redirecting to a login page, and completing the login of the target identity information through the login page; after the target identity information is logged in, redirecting to the federal authentication center, and binding the target identity information with the federal authentication center; and if the target identity information is already logged in at the federal authentication center, acquiring the target identity information from the federal authentication center, and completing the login of the target identity information.
The invention also provides an electronic device, which comprises a memory, a processor and a computer program stored on the memory and capable of running on the processor, wherein when the processor executes the program, the identity authentication method across multiple identity authentication centers is realized.
The present invention also provides a non-transitory computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements a method of identity authentication across multiple identity verification centers as described in any of the above.
The present invention also provides a computer program product comprising a computer program which, when executed by a processor, implements a method of identity authentication across multiple identity authentication centers as described in any of the above.
The invention provides an identity authentication method, an identity authentication device, an identity authentication system and identity authentication equipment spanning multiple identity authentication centers. The method comprises: detecting whether target identity information is already logged in at a federal authentication center; if the target identity information is not logged in at the federal authentication center, redirecting to a login page and completing the login of the target identity information through the login page; after the target identity information is logged in, redirecting to the federal authentication center and binding the target identity information with the federal authentication center; and if the target identity information is already logged in at the federal authentication center, acquiring the target identity information from the federal authentication center and completing the login of the target identity information. In this way, when a user logs in to different identity authentication centers, the same target identity information already logged in at another identity authentication center can be retrieved through the federal authentication center, the user no longer has to enter an account and password repeatedly, user information is shared among different identity authentication centers, and the user experience is effectively improved.
Drawings
In order to more clearly illustrate the technical solutions of the present invention or the prior art, the drawings needed for the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and those skilled in the art can also obtain other drawings according to the drawings without creative efforts.
FIG. 1 is a schematic flow chart of an identity authentication method across multiple identity authentication centers according to the present invention;
fig. 2 is a schematic flow chart for the case where the federal authentication center is in a not-logged-in state according to an embodiment of the present invention;
fig. 3 is a schematic flow chart for the case where the federal authentication center is in a logged-in state according to an embodiment of the present invention;
FIG. 4 is a schematic structural diagram of an identity authentication apparatus spanning multiple identity authentication centers provided by the present invention;
FIG. 5 is a schematic structural diagram of an identity authentication system across multiple identity authentication centers provided by the present invention;
fig. 6 is a schematic structural diagram of an electronic device provided in the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings, and it is obvious that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The identity authentication method, device, system and apparatus across multiple identity authentication centers of the present invention are described below with reference to fig. 1 to 6.
Fig. 1 is a schematic flow chart of an identity authentication method across multiple identity authentication centers according to the present invention.
As shown in fig. 1, the identity authentication method across multiple identity authentication centers provided in this embodiment is applied to an identity authentication center, that is, the executing entity is an identity authentication center, and the method mainly includes the following steps:
101. Detecting whether target identity information is already logged in at the federal authentication center.
In a specific implementation, a user must log in to an identity authentication center to gain access, and the information of the user requesting access is defined as the target identity information. The flow starts when a user who is not logged in accesses a controlled resource of the identity authentication center. The identity authentication center first detects whether the target identity information is already logged in at the federal authentication center, because the login procedure differs between a user logging in to an identity authentication center for the first time and a user who has already logged in at another identity authentication center under the same federal authentication center; detecting this accurately allows the target identity information to be logged in quickly in the subsequent steps. The target identity information comprises an identity card number and/or a mobile phone number, and the like.
102. If the target identity information is not logged in at the federal authentication center, redirecting to a login page, and completing the login of the target identity information through the login page.
If detection determines that the target identity information is not logged in at the federal authentication center, this indicates that no user identity information is logged in at the federal authentication center and that none of the identity authentication centers managed by the federal authentication center has been logged in to. In this case the identity authentication center redirects to a login page, and the user logs in through the login page.
103. After the target identity information is logged in, redirecting to the federal authentication center, and binding the target identity information with the federal authentication center.
Because the target identity information is not logged in at the federal authentication center, after the user logs in through the login page of the identity authentication center the target identity information needs to be synchronized to the federal authentication center. The flow is therefore redirected to the federal authentication center (/ federal Oauth/login) and the target identity information is bound with the federal authentication center, so that when the user logs in to other identity authentication centers interconnected with the federal authentication center, the user identity information only needs to be retrieved through the federal authentication center.
104. If the target identity information is already logged in at the federal authentication center, acquiring the target identity information from the federal authentication center and completing the login of the target identity information.
If detection determines that the target identity information is already logged in at the federal authentication center, the target identity information can be acquired directly through the federal authentication center without the user entering the account and password again, and the login is completed quickly using the acquired target identity information.
The federal authentication center provides unified access management, user management and session management capabilities for each identity authentication center. After a user of an identity authentication center logs in, key information from the user information is automatically registered with the federal authentication center in abstract form, and the federal authentication center associates users from multiple identity authentication centers according to this key information. The federal authentication center can also record the online state of the user and supports session sharing across different identity authentication centers for the same user, achieving the effect of logging in once and having the identity recognized across authentication centers.
When a user logs in to an identity authentication center, the identity authentication center detects the login state of the user identity information at the federal authentication center. If the user is logged in there, the identity authentication center automatically logs in the same account as the federal authentication center. If the user is not logged in there, the user logs in using the identity authentication center's original login mode; after that login, the authentication center notifies the federal authentication center of the currently logged-in account, and the federal authentication center logs in and binds the account, so that the user can complete a fast login when logging in to other identity authentication centers that have network intercommunication with the federal authentication center.
The identity authentication method across multiple identity authentication centers provided by this embodiment detects whether target identity information is already logged in at a federal authentication center; if the target identity information is not logged in at the federal authentication center, it redirects to a login page and completes the login of the target identity information through the login page; after the target identity information is logged in, it redirects to the federal authentication center and binds the target identity information with the federal authentication center; and if the target identity information is already logged in at the federal authentication center, it acquires the target identity information from the federal authentication center and completes the login of the target identity information. In this way, when a user logs in to different identity authentication centers, the same target identity information already logged in at another identity authentication center can be retrieved through the federal authentication center, the user no longer has to enter an account and password repeatedly, user information is shared among different identity authentication centers, and the user experience is effectively improved.
Further, on the basis of the above embodiment, redirecting to the federal authentication center and binding the target identity information with the federal authentication center in this embodiment includes: redirecting to the federal authentication center, and sending a first authorization code to the federal authentication center; receiving a call request from the federal authentication center for the interface for logging in the target identity information, wherein the call request carries a first federal signature, and the first federal signature is generated by the federal authentication center after checking the first authorization code; and binding the target identity information with the federal authentication center based on the call request.
Specifically, the identity authentication center redirects to the federal authentication center (/ federal Oauth/login) and sends a first authorization code (authorization Code) and a federal number (federal ApId) to the federal authentication center. The federal authentication center checks the authorization code and signs it to generate a first federal signature (federal Sign). The federal authentication center then sends an interface call request, calling the interface (/ federal/getUserInfo) with the federal Sign attached. After the identity authentication center receives this call request from the federal authentication center for the interface for logging in the target identity information, the target identity information is bound with the federal authentication center according to the call request, the login proceeds in the identity authentication center's original preset login mode, and the flow finally returns to the identity authentication center.
Fig. 2 is a schematic flow chart for the case where the federal authentication center is in a not-logged-in state according to an embodiment of the present invention. As shown in fig. 2, the full flow is described as a whole for the case where the target identity information is not logged in at the federal authentication center; the "authentication center" in fig. 2 is the identity authentication center and the "federal center" is the federal authentication center. The user first accesses the system at the front end of the authentication center without being logged in to the identity authentication center. In this not-logged-in state the user is redirected to the federal authentication center address (/ federal Oauth/authorization), passing the federal number (federal ApId). After receiving the request, the federal authentication center processes it and redirects to the identity authentication center (/ federal/authorization Callback), passing the federal service authentication state (federal State) and the authorization code information (authorization Code); the authentication state and authorization code information of the federal center are stored. In this process the user accesses a controlled resource of the authentication center, and the authentication center detects whether the user has accessed the federal authentication center.
It is then detected whether the federal center is logged in, that is, whether the target identity information is logged in at the federal authentication center. Here the federal authentication center is not logged in, so the authentication center redirects to a login page; the user logs in manually through the login page and submits the login information, the login is completed, and the federal redirect address and authorization code information are returned. The platform front end redirects to the federal authentication center (/ federal Oauth/login), passing the authorize Code and federal ApId. The federal authentication center then checks the authorize Code and signs it to generate a federal Sign; the authentication center checks the federal Sign, the user information is then obtained, the target identity information is bound with the federal authentication center, and the login is completed. After the login is completed, the platform service redirects to the authentication center and the whole workflow is finished. Thus, when the target identity is not logged in at the federal authentication center, the federal authentication center successfully binds the target identity information after the user logs in manually at the authentication center, so that the user can then log in conveniently and quickly to other authentication centers that have network intercommunication with the federal authentication center.
Further, on the basis of the above embodiment, acquiring the target identity information from the federal authentication center and completing the login of the target identity information in this embodiment includes: redirecting to the federal authentication center and sending a second authorization code; receiving and verifying a federal signature ticket sent by the federal authentication center, wherein the federal signature ticket is generated by signing after the federal authentication center checks that the second authorization code is valid; after the federal signature ticket passes verification, obtaining a token using the federal signature ticket; and acquiring the target identity information from the federal authentication center based on the token, and completing the login of the target identity information.
Specifically, when it is determined that the target identity information is already logged in at the federal authentication center, the authentication center redirects to the federal authentication center (/ federal Oauth/Sign), attaching the second authorization code (authorization Code) information. After receiving the request, the federal authentication center verifies the validity of the authorization code and generates a federal signature (federalsign) ticket by signing the value of the authorization code, then redirects to the authentication center (/ federal/login) with the federal Sign ticket attached. The authentication center verifies the federal Sign ticket, obtains the token (Token) through a back-end interface (/ federal Oauth/get Token) by attaching the federal Sign and the federal app id, and then obtains the logged-in user information through the back-end interface (/ federal auth Oauth/get User Info).
Fig. 3 is a schematic flow chart for the case where the federal authentication center is in the logged-in state according to the embodiment of the present invention. As shown in fig. 3, a full flow description is given from the perspective of obtaining, as a whole, target identity information that is not registered in the federal authentication center, where the "authentication center" in fig. 3 is the identity authentication center and the "federal center" is the federal authentication center. The user first accesses the system at the front end of the authentication center without being logged in to the identity authentication center. In this not-logged-in state the user is redirected to the address of the federal authentication center (/ federal Oauth/authorization), passing the federal number (federal ApId). After receiving the request, the federal authentication center processes it and redirects to the identity authentication center (/ federal/authorization Callback), passing the federal service authentication state (federal State) and the authorization code information (authorization Code); the authentication state and authorization code information of the federal center are stored. In this process the user accesses a controlled resource of the authentication center, and the authentication center detects whether the user has accessed the federal authentication center. Because the operations that precede detecting whether the target identity information is logged in at the federal authentication center are performed while the identity authentication center is not logged in, the process up to that detection is the same as in fig. 2.
It is then detected whether the target identity information is logged in at the federal authentication center. If it is logged in, the flow redirects to the federal authentication center, passing a second authorization code. The federal authentication center verifies the validity of the second authorization code and signs it to generate a federal signature ticket, then redirects to the authentication center again, passing the federal signature ticket. The authentication center verifies the federal signature ticket, passes the federal signature ticket and the federal number through a back-end interface (/ federal Oauth/getToken) to obtain a token (Token), and finally obtains the user information from the federal authentication center, completes the login at the authentication center, and stores the authenticated state of the federal authentication center. Because the user identity information is retrieved directly from the federal authentication center, the user is spared the tedious operation of logging in to each center one by one, and the user's login efficiency at the identity authentication center is effectively improved. To enhance the security of the federal signature, it may optionally be generated by signing with a private key of an identity authentication center.
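The two flows described above (local login followed by binding, then authorization code, signed ticket, token and user information for a second center), sketched as an added example that is not part of the patent text. Browser redirects are collapsed into method calls, and the class and method names, the HMAC-SHA256 ticket with a per-center shared key, the 60-second code lifetime and the sample identity are all assumptions, since the patent does not fix an algorithm.

```python
import hashlib
import hmac
import secrets

CODE_TTL = 60.0  # seconds an authorization code stays valid (assumed value)


class FederationError(Exception):
    """A code, ticket or token failed validation."""


def ticket_mac(key, app_id, code):
    # Length-prefix the app ID so distinct (app_id, code) pairs never collide.
    msg = f"{len(app_id)}:{app_id}:{code}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class FederalCenter:
    def __init__(self):
        self.keys = {}     # app_id -> HMAC key shared with that identity center
        self.codes = {}    # authorization code -> (app_id, expiry time)
        self.tickets = {}  # signed ticket -> app_id, consumed on token exchange
        self.tokens = {}   # token -> identity record, consumed on first read
        self.bound_identity = None  # set once a center has bound a login

    def register(self, app_id):
        self.keys[app_id] = secrets.token_bytes(32)
        return self.keys[app_id]

    def authorize(self, app_id, now):
        if app_id not in self.keys:
            raise FederationError("unknown app id")
        code = secrets.token_urlsafe(16)
        self.codes[code] = (app_id, now + CODE_TTL)  # code is bound to one center
        return code, self.bound_identity is not None

    def _consume_code(self, app_id, code, now):
        # pop() makes every code single-use, even when the check then fails.
        bound_app, expiry = self.codes.pop(code, (None, 0.0))
        if bound_app is None or bound_app != app_id or now > expiry:
            raise FederationError("invalid authorization code")

    def bind(self, app_id, code, identity, now):
        """Not-logged-in flow: record the identity a center just logged in."""
        self._consume_code(app_id, code, now)
        self.bound_identity = identity

    def sign(self, app_id, code, now):
        """Logged-in flow: validate the code, then sign a ticket over it."""
        self._consume_code(app_id, code, now)
        ticket = ticket_mac(self.keys[app_id], app_id, code)
        self.tickets[ticket] = app_id
        return ticket

    def get_token(self, app_id, ticket):
        owner = self.tickets.pop(ticket, None)  # tickets are single-use too
        if owner is None or owner != app_id:
            raise FederationError("invalid ticket")
        token = secrets.token_urlsafe(16)
        self.tokens[token] = self.bound_identity
        return token

    def get_user_info(self, token):
        identity = self.tokens.pop(token, None)
        if identity is None:
            raise FederationError("invalid token")
        return identity


class IdentityCenter:
    def __init__(self, app_id, federal):
        self.app_id, self.federal = app_id, federal
        self.key = federal.register(app_id)

    def verify_ticket(self, code, ticket):
        expected = ticket_mac(self.key, self.app_id, code)
        return hmac.compare_digest(ticket, expected)  # constant-time compare

    def login(self, now, local_login=None):
        """Return the identity; local_login() stands in for the login page."""
        code, federated = self.federal.authorize(self.app_id, now)
        if not federated:
            if local_login is None:
                return None  # caller must show the login page
            identity = local_login()
            self.federal.bind(self.app_id, code, identity, now)
            return identity
        ticket = self.federal.sign(self.app_id, code, now)
        if not self.verify_ticket(code, ticket):
            raise FederationError("ticket signature mismatch")
        token = self.federal.get_token(self.app_id, ticket)
        return self.federal.get_user_info(token)


def demo():
    fed = FederalCenter()
    a, b = IdentityCenter("center-a", fed), IdentityCenter("center-b", fed)
    user = {"phone": "000-0000-0000"}  # constructed sample identity
    return a.login(0.0, local_login=lambda: user), b.login(5.0)
```

With a private-key signature in place of the shared-key HMAC, as the text suggests as an option, the verifying side would hold only a public key; the single-use and center-binding checks stay the same.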
Further, on the basis of the above embodiment, after obtaining the target identity information from the federal authentication center and before completing the login of the target identity information, the method in this embodiment further includes: sending secondary authentication information to a login interface; and receiving key information that the user inputs in response to the secondary authentication information; if the key information passes the secondary authentication, the login of the target identity information is completed, and otherwise the login fails.
Specifically, on the premise that the federal authentication center has logged in the target identity information, and in order to strengthen the security of the identity authentication center, if the identity authentication center does not trust users from other identity authentication centers, secondary authentication can be added after the target identity information is acquired from the federal authentication center to ensure information security. Secondary authentication information is sent to the login page; it includes key information such as an identity card number or a mobile phone number. The user is required to input the set key information, and login is allowed only after verification and matching pass, so that data security is ensured.
As shown in fig. 3, it is detected whether the identity authentication center has enabled secondary authentication. If secondary authentication is not enabled and the address does not need to be redirected, the login is completed directly. If secondary authentication is needed, the authentication context is saved, the address is redirected, the home page is entered, and the secondary authentication is completed through the platform front end; the platform system then recovers the context and returns the redirection address, and the platform front end completes the secondary authentication. Because the identity authentication center performs secondary authentication on the target identity information, information security is effectively ensured.
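An added example, not code from the patent: a minimal Python model of the logged-in-state flow and the optional secondary authentication described above, showing the checks the identity authentication center has to make on the signed bill (signature, intended center, stored state, expiry, single-use code). The class, method and field names, the 60-second lifetime and the three-failure limit are assumptions, and HMAC-SHA256 with a per-center key stands in for the private-key signature so that the code needs only the standard library.

```python
import hashlib
import hmac
import json
import secrets

TTL = 60  # assumed lifetime, in seconds, of a code or ticket


def sign(key, body):
    # HMAC-SHA256 stands in for the per-center private-key signature.
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()


class FederalCenter:
    """Toy federal authentication center; all names are hypothetical."""
    def __init__(self, center_keys, users):
        self.center_keys = center_keys  # federal number -> signing key
        self.users = users              # user id -> trusted attributes
        self.codes = {}                 # code -> (center, user, state, expiry)
        self.tokens = {}                # token -> (center, user)

    def authorize(self, app_id, user_id, now):
        """A federal session exists: return (state, one-time code)."""
        state, code = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
        self.codes[code] = (app_id, user_id, state, now + TTL)
        return state, code

    def issue_ticket(self, app_id, code, now):
        """Check the code, then sign a ticket bound to center and state."""
        entry = self.codes.pop(code, None)  # pop: a code works only once
        if entry is None or entry[0] != app_id or now > entry[3]:
            return None
        token = secrets.token_urlsafe(16)
        self.tokens[token] = (app_id, entry[1])
        body = json.dumps({"aud": app_id, "state": entry[2],
                           "exp": now + TTL, "token": token}, sort_keys=True)
        return body, sign(self.center_keys[app_id], body)

    def user_info(self, app_id, token):
        """Back-end call: exchange the token for the user's attributes."""
        center, user_id = self.tokens.pop(token, (None, None))
        if center != app_id:
            return None
        return dict(self.users[user_id], id=user_id)


class IdentityCenter:
    MAX_FAILURES = 3  # assumed error-count limit for secondary authentication

    def __init__(self, app_id, key, federal, secondary_attr=None):
        self.app_id, self.key, self.federal = app_id, key, federal
        self.secondary_attr = secondary_attr  # e.g. "phone"; None = disabled
        self.pending = None                   # saved authentication context
        self.failures = {}                    # user id -> failed attempts

    def verify_ticket(self, ticket, state, now):
        """Return the ticket's claims, or None if any check fails."""
        if ticket is None:
            return None
        body, sig = ticket
        if not hmac.compare_digest(sig, sign(self.key, body)):
            return None
        claims = json.loads(body)
        fresh = now <= claims["exp"]
        mine = claims["aud"] == self.app_id and claims["state"] == state
        return claims if fresh and mine else None

    def login(self, state, code, now):
        """Redeem the state and code stored from the federal callback."""
        ticket = self.federal.issue_ticket(self.app_id, code, now)
        claims = self.verify_ticket(ticket, state, now)
        user = claims and self.federal.user_info(self.app_id, claims["token"])
        if not user:
            return "rejected"
        if self.secondary_attr is None:
            return "logged-in:" + user["id"]
        self.pending = user  # hold the login until secondary authentication
        return "secondary-required"

    def secondary(self, key_info):
        """Compare the user's input with the attribute the federation holds."""
        user = self.pending
        if user is None:
            return "rejected"
        failed = self.failures.get(user["id"], 0)
        if failed >= self.MAX_FAILURES:
            return "locked"
        expected = user[self.secondary_attr].encode()
        if hmac.compare_digest(key_info.encode(), expected):
            self.pending = None
            self.failures.pop(user["id"], None)
            return "logged-in:" + user["id"]
        self.failures[user["id"]] = failed + 1
        return "rejected"
```

A replayed or expired code, a bill signed for a different center, and a bill whose state differs from the stored one are all rejected before any user information is fetched.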
Further, on the basis of the above embodiment, before detecting whether the federal authentication center has logged in the target identity information, the method in this embodiment further includes: establishing network intercommunication with the federal authentication center through a federal authentication access protocol; after network intercommunication is established, redirecting to the address of the federal authentication center; and receiving login state information of the federal authentication center.
Specifically, the federal authentication center is used for establishing intercommunication in series among the identity authentication centers. Network intercommunication between the federal authentication center and an identity authentication center requires the two to be connected on the network by relying on the federal authentication access protocol; the networks among the identity authentication centers can not be intercommunicated, and all intercommunication interfaces are implemented on the http(s) protocol. By effectively establishing the network connection between the identity authentication center and the federal authentication center, the identity authentication center can exchange information with the federal authentication center in a timely manner.
Further, on the basis of the above embodiment, the present embodiment further includes: and sending the login time of the target identity information to a federal authentication center for storage and recording.
Specifically, in order to effectively record login data and the like, information contents such as login time of target identity information in each identity authentication center and the like need to be uploaded to the federal authentication center for storage, so as to facilitate data query processing and the like.
Based on the same general inventive concept, the invention also protects an identity authentication device across multiple identity authentication centers. The device is described below; the description of the device below and the description of the identity authentication method across multiple identity authentication centers above can be referred to correspondingly.
Fig. 4 is a schematic structural diagram of an authentication apparatus spanning multiple authentication centers according to the present invention.
As shown in fig. 4, an identity authentication apparatus across multiple identity authentication centers provided in an embodiment of the present invention is applied to an identity authentication center, and the apparatus includes:
the detection module 401 is used for detecting whether the federal authentication center has logged in target identity information;
a binding module 402, configured to redirect a login page if the federal authentication center does not log in the target identity information, and complete login of the target identity information through the login page; after the target identity information is logged in, redirecting to a federal authentication center, and binding the target identity information with the federal authentication center;
the obtaining module 403 is configured to, if the federal authentication center has logged in the target identity information, obtain the target identity information from the federal authentication center, and complete the logging in of the target identity information.
The identity authentication device across multiple identity authentication centers provided by the embodiment detects whether a federal authentication center has logged in target identity information; if the target identity information is not logged in by the federal authentication center, the login page is redirected, and the target identity information is logged in through the login page; after the target identity information is logged in, redirecting to a federal authentication center, and binding the target identity information with the federal authentication center; if the federal authentication center logs in the target identity information, the target identity information is obtained from the federal authentication center, and the target identity information is logged in, so that the same target identity information logged in by other identity authentication centers can be called by the federal authentication center when a user logs in different identity authentication centers, the operation of logging in account numbers and passwords by the user for many times is omitted, the user information intercommunication among different identity authentication centers is realized, and the user experience is effectively improved.
Further, the binding module 402 in this embodiment is specifically configured to:
redirecting to the federal authentication center, and sending a first authorization code to the federal authentication center;
receiving a calling request of the federal authentication center for an interface for logging in the target identity information, wherein the calling request carries a first federal signal, and the first federal signal is generated by the federal authentication center after checking the first authorization code;
and binding the target identity information with the federal authentication center based on the calling request.
Further, the obtaining module 403 in this embodiment is specifically configured to:
redirecting and sending a second authorization code to the federal authentication center;
receiving and checking a federal signal bill sent by the federal authentication center, wherein the federal signal bill is generated by additional signing after the federal authentication center checks that the second authorization code is valid;
after the federal signal bill is verified, obtaining a mark in the federal signal bill;
and acquiring the target identity information in the federal authentication center based on the mark, and completing the login of the target identity information.
Further, this embodiment further includes: a network interworking module to:
establishing network intercommunication with the federal authentication center through a federal authentication access protocol;
after the network intercommunication is established, redirecting to the address of the federal authentication center;
and receiving login state information of the federal authentication center.
Further, the present embodiment further includes a secondary authentication module, configured to:
sending the secondary authentication information to a login interface;
and receiving key information aiming at the secondary authentication information input by a user, if the key information passes the secondary authentication, finishing the login of the target identity information, and if not, failing to login.
Further, the present embodiment further includes a storage module, configured to:
and sending the login time of the target identity information to a federal authentication center for storage and recording.
Further, in this embodiment, the target identity information includes an identification number and/or a mobile phone number.
Fig. 5 is a schematic structural diagram of an identity authentication system across multiple identity authentication centers provided by the present invention.
As shown in fig. 5, an identity authentication system across multiple identity authentication centers provided in an embodiment of the present invention includes a federal authentication access protocol, a federal authentication center, and at least two identity authentication centers; the federal authentication access protocol is used for establishing network intercommunication between the federal authentication center and each identity authentication center; the federal authentication center is used for realizing data interaction among different identity authentication centers; the identity authentication center is used for detecting whether the federal authentication center logs in the target identity information or not; if the target identity information is not logged in by the federal authentication center, the login page is redirected, and the target identity information is logged in through the login page; after the target identity information is logged in, redirecting to a federal authentication center, and binding the target identity information with the federal authentication center; and if the target identity information is logged in by the federal authentication center, acquiring the target identity information from the federal authentication center to finish the logging in of the target identity information.
The federal authentication center mainly provides access management, user management and session management. Access management manages the connection points from the identity authentication centers to the federal authentication center and configures the trusted attribute of each connection point (either the mobile phone number or the identity card number can be selected). When secondary authentication is enabled, the secondary authentication settings can also be provided: the secondary authentication type (mobile phone number or identity card), a limit on the number of errors, and a limit on login time. Different public and private key information can be issued by each accessed authentication center. User management is the extraction of users from legally accessed authentication centers: after a user of an identity authentication center logs in normally, the federal authentication center receives the set key attributes of the user (mobile phone number, identity card) and, according to those key attributes, finds the matching user of the federal authentication center or adds a new one. Session management is the login session management of the federal authentication center, and records the source authentication center information, the user information and the login time.
As shown in fig. 5, the network intercommunication between the federal authentication center and the identity authentication centers is implemented by the federal authentication access protocol. When a user logs in to identity authentication center I, it is detected whether identity authentication center II, identity authentication center III and so on have logged in to the federal authentication center, and the target identity information is logged in according to the federal authentication center, so the user has different login modes in identity authentication center I. After other identity authentication centers have logged in the user identity information, identity authentication center I only needs to call the user identity information in the federal authentication center to complete login quickly. This avoids the tedious operation of the user entering account numbers and passwords one by one, improves login efficiency, and effectively improves user experience. Although fig. 5 only illustrates the secondary authentication functions of identity authentication centers II and III, all identity authentication centers actually have the secondary authentication function and can perform secondary authentication on data from other identity authentication centers, which effectively enhances the security of the identity authentication centers. The method is particularly suitable as a standardized and universal technical solution for information system integration across mutually independent informatization departments, multi-dimensional organizational structures and even cross-enterprise collaboration, and provides a well operable basic identity authentication scheme for complex information system integration requirements.
Fig. 6 is a schematic structural diagram of an electronic device provided in the present invention.
As shown in fig. 6, the electronic device may include: a processor (processor) 610, a communication Interface (Communications Interface) 620, a memory (memory) 630 and a communication bus 640, wherein the processor 610, the communication Interface 620 and the memory 630 communicate with each other via the communication bus 640. The processor 610 may invoke logic instructions in the memory 630 to perform a method of identity authentication across multiple authentication centers, for application to an authentication center, the method comprising: detecting whether a federal authentication center has logged in target identity information or not; if the target identity information is not logged in by the federal authentication center, a login page is redirected, and the target identity information is logged in through the login page; after the target identity information is logged in, redirecting to the federal authentication center, and binding the target identity information with the federal authentication center; and if the target identity information is logged in by the federal authentication center, acquiring the target identity information from the federal authentication center, and completing the logging in of the target identity information.
In addition, the logic instructions in the memory 630 may be implemented in the form of software functional units and stored in a computer readable storage medium when they are sold or used as independent products. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, and various other media capable of storing program code.
In another aspect, the present invention also provides a computer program product, the computer program product includes a computer program, the computer program can be stored on a non-transitory computer readable storage medium, when the computer program is executed by a processor, a computer can execute the identity authentication method across multiple identity authentication centers provided by the above methods, and the method is applied to an identity authentication center, and the method includes: detecting whether a federal authentication center logs in target identity information or not; if the target identity information is not logged in by the federal authentication center, a login page is redirected, and the target identity information is logged in through the login page; after the target identity information is logged in, redirecting to the federal authentication center, and binding the target identity information with the federal authentication center; and if the target identity information is logged in by the federal authentication center, acquiring the target identity information from the federal authentication center, and completing the logging in of the target identity information.
In yet another aspect, the present invention also provides a non-transitory computer readable storage medium, on which a computer program is stored, the computer program being implemented to perform the identity authentication method across multiple identity authentication centers provided by the above methods when executed by a processor, and the method being applied to an identity authentication center, and the method including: detecting whether a federal authentication center has logged in target identity information or not; if the target identity information is not logged in by the federal authentication center, a login page is redirected, and the target identity information is logged in through the login page; after the target identity information is logged in, redirecting to the federal authentication center, and binding the target identity information with the federal authentication center; and if the target identity information is logged in by the federal authentication center, acquiring the target identity information from the federal authentication center, and completing the logging in of the target identity information.
The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. Based on this understanding, the above technical solutions, in essence or in the part contributing to the prior art, may be embodied in the form of a software product, which may be stored in a computer-readable storage medium, such as ROM/RAM, magnetic disk, optical disk, etc., and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method according to the various embodiments or some parts of the embodiments.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (10)

1. An identity authentication method across multiple identity authentication centers is characterized by being applied to the identity authentication centers and comprising the following steps:
detecting whether a federal authentication center logs in target identity information or not;
if the target identity information is not logged in by the federal authentication center, redirecting a login page, and completing the logging in of the target identity information through the login page;
after the target identity information is logged in, redirecting to the federal authentication center, and binding the target identity information with the federal authentication center;
and if the target identity information is logged in by the federal authentication center, acquiring the target identity information from the federal authentication center, and completing the logging in of the target identity information.
2. The identity authentication method across multiple identity authentication centers according to claim 1, wherein the redirecting to the federal authentication center to bind the target identity information with the federal authentication center comprises:
redirecting to the federal authentication center, and sending a first authorization code to the federal authentication center;
receiving a calling request of the federal authentication center for an interface for logging in the target identity information, wherein the calling request carries a first federal signal, and the first federal signal is generated by the federal authentication center after checking the first authorization code;
and binding the target identity information with the federal authentication center based on the calling request.
3. The identity authentication method across multiple identity authentication centers according to claim 1, wherein the obtaining the target identity information from the federal authentication center to complete the login of the target identity information comprises:
redirecting and sending a second authorization code to the federal authentication center;
receiving and checking a federal signal bill sent by the federal authentication center, wherein the federal signal bill is generated by additional signing after the federal authentication center checks that the second authorization code is valid;
after the federal signal bill is verified, obtaining a mark in the federal signal bill;
and acquiring the target identity information in the federal authentication center based on the mark, and completing the login of the target identity information.
4. The identity authentication method across multiple identity authentication centers according to claim 1, wherein before detecting whether the federal authentication center has logged in target identity information, the method further comprises:
establishing network intercommunication with the federal authentication center through a federal authentication access protocol;
after the network intercommunication is established, redirecting to the address of the federal authentication center;
and receiving login state information of the federal authentication center.
5. The identity authentication method across multiple identity authentication centers according to any one of claims 1 to 4, wherein after the target identity information is obtained from the federal authentication center and before the target identity information is completely logged in, further comprising:
sending the secondary authentication information to a login interface;
and receiving key information aiming at the secondary authentication information input by a user, if the key information passes the secondary authentication, finishing the login of the target identity information, and if not, failing to login.
6. The identity authentication method across multiple identity authentication centers according to any one of claims 1 to 4, further comprising:
and sending the login time of the target identity information to a federal authentication center for storage and recording.
7. The identity authentication method across multiple identity authentication centers as claimed in any one of claims 1 to 4, wherein the target identity information comprises an identification number and/or a mobile phone number.
8. An identity authentication device across multiple identity authentication centers is applied to the identity authentication centers, and comprises:
the detection module is used for detecting whether the federal authentication center logs in the target identity information or not;
the binding module is used for redirecting a login page if the target identity information is not logged in by the federal authentication center, and completing the login of the target identity information through the login page; after the target identity information is logged in, redirecting to the federal authentication center, and binding the target identity information with the federal authentication center;
and the acquisition module is used for acquiring the target identity information from the federal authentication center and finishing the login of the target identity information if the federal authentication center logs in the target identity information.
9. An identity authentication system across multiple identity authentication centers is characterized by comprising a federal authentication access protocol, a federal authentication center and at least two identity authentication centers;
the federal authentication access protocol is used for establishing network intercommunication between the federal authentication center and each identity authentication center;
the federal authentication center is used for realizing data interaction among different identity authentication centers;
the identity authentication center is used for detecting whether the federal authentication center logs in target identity information or not; if the target identity information is not logged in by the federal authentication center, a login page is redirected, and the target identity information is logged in through the login page; after the target identity information is logged in, redirecting to the federal authentication center, and binding the target identity information with the federal authentication center; and if the target identity information is logged in by the federal authentication center, acquiring the target identity information from the federal authentication center, and completing the logging in of the target identity information.
10. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor when executing the program implements the method of identity authentication across multiple authentication centers according to any one of claims 1 to 7.
CN202211468996.XA 2022-11-22 2022-11-22 Identity authentication method, device, system and equipment across multiple identity authentication centers Pending CN115776400A (en)

Publications (1)

Publication Number Publication Date
CN115776400A true CN115776400A (en) 2023-03-10

Family

ID=85389807

Country Status (1)

Country Link
CN (1) CN115776400A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination