CN116361766A - Service system login method, system, equipment and computer readable storage medium - Google Patents

Publication number
CN116361766A
Authority
CN
China
Prior art keywords
login
user
information
user account
service system
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111617006.XA
Other languages
Chinese (zh)
Inventor
祁威威
韦章兵
方标新
贺东华
毛苏杨
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Aisino Corp
Original Assignee
Aisino Corp

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/41 User authentication where a single sign-on provides access to a plurality of computers
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/30 Monitoring
    • G06F11/34 Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation; Recording or statistical evaluation of user activity, e.g. usability assessment
    • G06F11/3438 Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation; Recording or statistical evaluation of user activity, e.g. usability assessment; monitoring of user actions
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27 Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Abstract

The embodiments of the invention provide a service system login method, system, device and computer-readable storage medium. In the method, the authentication and authorization system acquires a user account, the identity authentication information corresponding to the user account, and login request information for a specified service system; if identity authentication based on the user account and the identity authentication information succeeds, it checks whether the user account has login permission for the specified service system; if that permission check succeeds, it generates user login information, sends the user login information to the specified service system, and publishes the user login information to a blockchain. The service system receives the user login information corresponding to a user account sent by the authentication and authorization system, determines whether the received user login information exists in the blockchain, and, if so, authorizes the user account to log in to the service system.

Description

Service system login method, system, equipment and computer readable storage medium
Technical Field
The present invention relates to the field of computer technologies, and in particular to a service system login method, system, device and computer-readable storage medium.
Background
With the rapid development of information technology and network technology, in some application scenarios the same user needs to use more and more service systems. Because each service system is architecturally independent, the user must log in with the corresponding authentication information before using each one. The user therefore has to set a user name and a password for every system, which is a considerable inconvenience.
The common solution to this problem is to build the authentication and authorization system and the service systems on a Single Sign-On (SSO) scheme, so that a user can access all mutually trusting service systems after logging in to the authentication and authorization system once. The SSO scheme requires the service system to be tightly coupled with the authentication and authorization system: both systems must follow a common communication protocol and encrypt their communication with a shared key to ensure that the data can be trusted. As a result, the overall system architecture is highly coupled and difficult to adjust flexibly.
Disclosure of Invention
The embodiments of the invention provide a service system login method, system, device and computer-readable storage medium, to solve the problem that the prior-art SSO architecture is highly coupled and difficult to adjust flexibly.
An embodiment of the invention provides a service system login method, applied to an authentication and authorization system, comprising:
acquiring a user account, identity authentication information corresponding to the user account, and login request information for a specified service system;
if identity authentication based on the user account and the identity authentication information succeeds, checking whether the user account has login permission for the specified service system;
if the permission check succeeds, generating user login information;
and sending the user login information to the specified service system and publishing the user login information to a blockchain, so that the specified service system searches the blockchain for user login information identical to what it received and determines, based on the search result, whether to authorize the user account to log in to the specified service system.
Optionally, after acquiring the user account, the identity authentication information corresponding to the user account, and the login request information for the specified service system, the method further comprises:
if identity authentication based on the user account and the identity authentication information fails, returning an identity authentication information error notification to the user account.
Optionally, after checking whether the user account has login permission for the specified service system, the method further comprises:
if the permission check fails, returning a login permission error notification to the user account.
Optionally, the method further comprises:
generating an operation log and storing it encrypted with a national cryptographic algorithm;
and, in response to an operation log retrieval instruction from a management account, verifying the authorization information provided by the management account and, after successful verification, decrypting the operation log with the national cryptographic algorithm and providing it to the management account.
Optionally, the user account is a non-natural-person account, and the identity authentication information is the natural-person identity authentication information of the natural-person representative corresponding to the non-natural-person account;
performing identity authentication based on the user account and the identity authentication information comprises:
determining the natural-person representative corresponding to the non-natural-person account;
and performing identity authentication based on the natural-person identity authentication information of that natural-person representative.
Based on the same inventive concept, an embodiment of the invention also provides a service system login method, applied to a service system, comprising:
receiving user login information corresponding to a user account sent by an authentication and authorization system, wherein the user login information is sent by the authentication and authorization system after it has performed identity authentication based on the user account and the corresponding identity authentication information and has determined that the user account has login permission for the specified service system;
determining whether the received user login information exists in the blockchain and, if so, authorizing the user account to log in to the service system.
Based on the same inventive concept, an embodiment of the invention also provides an authentication and authorization system, comprising:
a login request receiving module, configured to acquire a user account, identity authentication information corresponding to the user account, and login request information for a specified service system;
an authentication and authorization module, configured to check whether the user account has login permission for the specified service system if identity authentication based on the user account and the identity authentication information succeeds;
a user login information generation module, configured to generate user login information if the permission check succeeds;
and a notification module, configured to send the user login information to the specified service system and publish the user login information to a blockchain, so that the specified service system searches the blockchain for user login information identical to what it received and determines, based on the search result, whether to authorize the user account to log in to the specified service system.
Based on the same inventive concept, an embodiment of the invention also provides a service system, comprising:
a notification receiving module, configured to receive user login information corresponding to a user account sent by the authentication and authorization system, wherein the user login information is sent by the authentication and authorization system after it has performed identity authentication based on the user account and the corresponding identity authentication information and has determined that the user account has login permission for the specified service system;
and a login module, configured to determine whether the received user login information exists in the blockchain and, if so, authorize the user account to log in to the service system.
Based on the same inventive concept, an embodiment of the invention further provides a device, comprising: a processor and a memory for storing instructions executable by the processor;
the processor is configured to execute the instructions to implement the service system login method applied to the authentication and authorization system, or to implement the service system login method applied to the service system.
Based on the same inventive concept, an embodiment of the invention also provides a computer-readable storage medium storing a computer program, the computer program being used to implement the service system login method applied to the authentication and authorization system, or to implement the service system login method applied to the service system.
The invention has the following beneficial effects:
The service system login method, system, device and computer-readable storage medium provided by the embodiments of the invention retain the architecture in which the authentication and authorization system decides whether a user is allowed to log in to a service system and the service system controls login according to the notification from the authentication and authorization system. The service system searches the blockchain for user login information identical to what it received in order to decide whether the user may log in, relying on the fact that a blockchain is difficult to tamper with and difficult to forge to verify that the received user login information really was sent by the authentication and authorization system. The notification permitting the user to log in therefore does not need to be transmitted in encrypted form between the service system and the authentication and authorization system, which reduces the coupling between the two, simplifies their integration, and allows the overall system architecture to be adjusted more flexibly. In addition, because the authentication and authorization system publishes the user login information to the blockchain, every login to a service system by every user is recorded, and since the user login information in the blockchain is difficult to forge or tamper with, it can later be used as trusted evidence.
Drawings
Fig. 1 is a schematic architecture diagram of a service platform according to an embodiment of the present invention;
Fig. 2 is a flowchart of a service system login method applied to an authentication and authorization system according to an embodiment of the present invention;
Fig. 3 is a flowchart of a service system login method applied to a service system according to an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of an authentication and authorization system according to an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of a service system according to an embodiment of the present invention;
Fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
In order that the above objects, features and advantages of the invention will be readily understood, a further description of the invention will be rendered by reference to specific embodiments thereof which are illustrated in the appended drawings. However, the exemplary embodiments can be embodied in many forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of the example embodiments to those skilled in the art. The same reference numerals in the drawings denote the same or similar structures, and thus a repetitive description thereof will be omitted. The words expressing the positions and directions described in the present invention are described by taking the drawings as an example, but can be changed according to the needs, and all the changes are included in the protection scope of the present invention. The drawings of the present invention are merely schematic representations of relative positional relationships and are not intended to represent true proportions.
It is noted that in the following description, specific details are set forth in order to provide a thorough understanding of the present invention. The present invention may be embodied in many other forms than those herein described, and those skilled in the art may readily devise numerous other arrangements that do not depart from the spirit of the invention. Therefore, the present invention is not limited by the specific embodiments disclosed below. The description hereinafter sets forth the preferred embodiment for carrying out the present application, but is not intended to limit the scope of the present application in general, for the purpose of illustrating the general principles of the present application. The scope of the present application is defined by the appended claims.
The business system login method, system, equipment and computer readable storage medium provided by the embodiment of the invention are specifically described below with reference to the accompanying drawings.
The service system login method provided by the embodiments of the invention can be applied to the service platform architecture shown in Fig. 1. The overall service platform architecture comprises an authentication and authorization system A and at least one service system B; the authentication and authorization system A may consist of at least one server, and each service system B may consist of at least one server. The authentication and authorization system A verifies the identity of a user, checks whether the user has login permission for the specified service system the user is requesting to log in to, and, once both the identity verification and the permission check pass, notifies the specified service system to allow the user to log in. Each service system B lets the user log in and provides the corresponding service after receiving the notification from the authentication and authorization system A that the user is allowed to log in.
Specifically, for the authentication and authorization system A, the service system login method provided by the embodiment of the present invention, as shown in Fig. 2, comprises:
S110, acquiring a user account, identity authentication information corresponding to the user account, and login request information for a specified service system.
S120, performing identity authentication based on the user account and the identity authentication information.
If the identity authentication in step S120 succeeds, step S130 is executed.
S130, checking whether the user account has login permission for the specified service system.
If the permission check in step S130 succeeds, step S140 is executed.
S140, generating user login information.
In a specific implementation, the user login information comprises the user account, the login time and login verification information. The login verification information may be a Public Key Infrastructure (PKI) certificate, a random number, etc., and is not specifically limited here.
S150, sending the user login information to the specified service system and publishing the user login information to a blockchain, so that the specified service system searches the blockchain for user login information identical to what it received and determines, based on the search result, whether to authorize the user account to log in to the specified service system.
In a specific implementation, the blockchain may be a consortium chain, such as Hyperledger Fabric or the Blockchain Service Network (BSN), and is not limited here.
Correspondingly, for the service system B, the service system login method provided by the embodiment of the present invention, as shown in Fig. 3, comprises:
S210, receiving user login information corresponding to a user account sent by other systems.
S220, determining whether the received user login information exists in the blockchain.
If the result of step S220 is yes, step S230 is executed. If the result of step S220 is no, step S240 is executed.
S230, authorizing the user account to log in to the specified service system.
In a specific implementation, if the user login information can be found in the blockchain, this proves that the user login information received by the specified service system is the user login information that the authentication and authorization system sent to it by the method above. That user login information is sent by the authentication and authorization system after it has performed identity authentication based on the user account and the corresponding identity authentication information and has determined that the user account has login permission for the specified service system.
S240, refusing to let the user account log in to the specified service system.
In a specific implementation, if the user login information cannot be found in the blockchain, the user login information received by the specified service system is very likely forged user login information sent to it by an illegitimate device masquerading as the authentication and authorization system.
Therefore, the architecture is retained in which the authentication and authorization system decides whether a user is allowed to log in to a service system and the service system controls login according to the notification from the authentication and authorization system. The service system searches the blockchain for user login information identical to what it received in order to decide whether the user may log in, relying on the fact that a blockchain is difficult to tamper with and difficult to forge to verify that the received user login information really was sent by the authentication and authorization system. The notification permitting the user to log in therefore does not need to be transmitted in encrypted form between the service system and the authentication and authorization system, which reduces the coupling between the two, simplifies their integration, and allows the overall system architecture to be adjusted more flexibly. In addition, because the authentication and authorization system publishes the user login information to the blockchain, every login to a service system by every user is recorded, and since the user login information in the blockchain is difficult to forge or tamper with, it can later be used as trusted evidence.
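A minimal simulation of steps S110 to S150 and S210 to S240, added here as an illustration and not taken from the patent. The `Ledger` class is a constructed in-memory hash chain standing in for the consortium chain; the class names, account names, verification code, and the choice to publish before sending are all assumptions.

```python
import hashlib
import hmac
import json
import secrets
from datetime import datetime, timezone

GENESIS = "0" * 64


def canonical(login_info: dict) -> bytes:
    """Serialize a login record deterministically so identical records compare equal."""
    return json.dumps(login_info, sort_keys=True, separators=(",", ":")).encode("utf-8")


class Ledger:
    """Constructed stand-in for the blockchain: an append-only hash chain."""

    def __init__(self):
        self.blocks = []

    def publish(self, login_info: dict) -> None:
        prev = self.blocks[-1]["hash"] if self.blocks else GENESIS
        payload = canonical(login_info)
        block_hash = hashlib.sha256(prev.encode() + payload).hexdigest()
        self.blocks.append({"prev": prev, "payload": payload, "hash": block_hash})

    def is_intact(self) -> bool:
        """Recompute every link; an edited or reordered block breaks the chain."""
        prev = GENESIS
        for block in self.blocks:
            expected = hashlib.sha256(prev.encode() + block["payload"]).hexdigest()
            if block["prev"] != prev or block["hash"] != expected:
                return False
            prev = block["hash"]
        return True

    def contains(self, login_info: dict) -> bool:
        wanted = canonical(login_info)
        return any(hmac.compare_digest(b["payload"], wanted) for b in self.blocks)


class ServiceSystem:
    """Service system B: steps S210 to S240."""

    def __init__(self, name: str, ledger: Ledger):
        self.name = name
        self.ledger = ledger
        self.sessions = set()

    def receive_login_info(self, login_info: dict) -> bool:
        # S220: accept only a record found, byte for byte, on an intact ledger.
        if self.ledger.is_intact() and self.ledger.contains(login_info):
            self.sessions.add(login_info.get("user_account"))  # S230: authorize
            return True
        return False  # S240: refuse


class AuthSystem:
    """Authentication and authorization system A: steps S110 to S150."""

    def __init__(self, ledger, verify_identity, permissions, systems):
        self.ledger = ledger
        self.verify_identity = verify_identity  # callable(account, auth_info) -> bool
        self.permissions = permissions          # account -> set of system names
        self.systems = systems                  # system name -> ServiceSystem

    def login(self, account: str, auth_info: str, target: str) -> str:
        if not self.verify_identity(account, auth_info):            # S120
            return "identity authentication information error"      # S121
        allowed = self.permissions.get(account, set())
        if target not in allowed or target not in self.systems:     # S130
            return "login permission error"                         # S131
        login_info = {                                               # S140
            "user_account": account,
            "login_time": datetime.now(timezone.utc).isoformat(),
            "login_verification": secrets.token_hex(16),  # random number
        }
        # S150. Assumption: publish first, so the record is already on the
        # ledger when the service system looks it up.
        self.ledger.publish(login_info)
        accepted = self.systems[target].receive_login_info(login_info)
        return "logged in" if accepted else "rejected by service system"


def demo() -> dict:
    ledger = Ledger()
    invoicing = ServiceSystem("invoicing", ledger)
    codes = {"alice": "493027"}  # constructed one-time verification codes

    def verify(account, code):
        return hmac.compare_digest(codes.get(account, ""), code)

    auth = AuthSystem(ledger, verify, {"alice": {"invoicing"}}, {"invoicing": invoicing})
    results = {
        "valid": auth.login("alice", "493027", "invoicing"),
        "bad_code": auth.login("alice", "000000", "invoicing"),
        "no_permission": auth.login("alice", "493027", "payroll"),
    }
    # Constructed forged record, as sent by a device masquerading as system A.
    forged = {"user_account": "mallory", "login_time": "2024-01-01T00:00:00+00:00",
              "login_verification": "00" * 16}
    results["forged"] = invoicing.receive_login_info(forged)
    # Overwriting a stored block breaks its hash link, so the lookup is refused.
    ledger.blocks[0]["payload"] = canonical(forged)
    results["after_tamper"] = invoicing.receive_login_info(forged)
    return results


if __name__ == "__main__":
    print(demo())
```
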
For the authentication and authorization system:
Optionally, as shown in Fig. 2, if the identity authentication in step S120 fails, step S121 is executed.
S121, returning an identity authentication information error notification to the user account.
Optionally, as shown in Fig. 2, if the permission check in step S130 fails, step S131 is executed.
S131, returning a login permission error notification to the user account.
Optionally, the method further comprises (not shown in Fig. 2):
S160, generating an operation log and storing it encrypted with a national cryptographic algorithm.
S170, in response to an operation log retrieval instruction from a management account, verifying the authorization information provided by the management account and, after successful verification, decrypting the operation log with the national cryptographic algorithm and providing it to the management account.
In this way, an operation log is generated for all operations of the authentication and authorization system and stored encrypted with a national cryptographic algorithm, and the operation log can be viewed after the management account provides the authorization information.
In the embodiment of the present invention, the identity authentication performed in step S120 based on the user account and the identity authentication information may take different forms depending on the type of user account and on the identity authentication information required. Specifically, user accounts may be classified into natural-person accounts and non-natural-person accounts (e.g., legal-person accounts). For a natural-person account, the identity authentication information may include at least one of:
(1) The password of the user account.
For example, a character password, a graphical password, etc.
(2) User biometric information.
Including the user's fingerprint, voiceprint, iris, facial image information, etc.
(3) Authorized-login information sent by the network platform corresponding to a third-party account, where the acquired user account is the third-party account bound to the account the user registered on the authentication and authorization system.
(4) A connection request from the user to a link specified by the authentication and authorization system.
For example, the link is a randomly generated unique link sent by the authentication and authorization system to the mailbox or mobile phone number bound to the user account.
(5) Verification code.
For example, the verification code is an email verification code carried in a mail sent by the authentication and authorization system to the mailbox bound to the user account, or an SMS verification code sent by the authentication and authorization system to the mobile phone number bound to the user account.
(6) A user name.
(7) The user's real-name mobile phone number.
(8) The number of the user's legal identity document.
Including identity card numbers, Hong Kong and Macau travel permit numbers, Taiwan compatriot permit numbers, foreigner residence permit numbers, etc.
(9) An image of the user's legal identity document.
Including an image of the original or of a copy of an identity card, a passport, a soldier's ID, a police officer's ID, or the like.
(10) Verification information for the user's legal identity document produced by a legal-document verification device.
For example, verification information that an identity card verification device generates and uploads to the authentication and authorization system after verifying the user's identity card.
(11) Digital certificate verification information.
The digital certificate includes a soft digital certificate stored on the user's terminal device and a hard digital certificate stored on a dedicated device held by the user.
(12) Real-time video information of the user.
(13) User image information.
For example, a photograph of the user holding a legal identity document.
For a non-natural-person account (e.g., a legal-person account), the identity authentication information may include the identity authentication information of the non-natural person itself and the identity authentication information of the natural-person representative of the non-natural person. The identity authentication information of the non-natural person may include at least one of the following:
(1) The password of the user account.
(2) The number of the user's legal certificate.
Such as a unified social credit code, etc.
(3) Digital certificate verification information.
Such as digital certificate verification information of tax-control devices (including tax-control disks, etc.).
(4) An image of the user's legal certificate.
Such as an image of the original or of a copy of a business license.
Further, a non-natural person (e.g., a legal person) typically has a corresponding natural-person representative (e.g., a legal representative), and that natural-person representative can act on behalf of the corresponding non-natural person. Thus, the natural-person representative of the non-natural person may be authenticated. The specific scheme follows that of the identity authentication information for natural-person accounts and is not repeated here.
Optionally, the user account is a non-natural-person account, and the identity authentication information is the natural-person identity authentication information of the natural-person representative corresponding to the non-natural-person account;
step S120, performing identity authentication based on the user account and the identity authentication information, comprises:
determining the natural-person representative corresponding to the non-natural-person account;
and performing identity authentication based on the natural-person identity authentication information of that natural-person representative.
It should be noted that identity authentication may be performed using one type of identity authentication information or using a combination of several types. For example, the identity authentication information of a natural person, or of the natural-person representative of a non-natural person, may comprise the user's legal identity document number, the user's real-name mobile phone number, and an SMS verification code sent to that real-name mobile phone number. The authentication and authorization system then verifies that the user requesting to log in to the specified service system is the person they claim to be by checking whether the legal identity document number and the real-name mobile phone number belong to the same person, and whether the SMS verification code uploaded by the user is the one that was sent to the user's real-name mobile phone number. For natural-person accounts, common configurations of identity authentication information include:
(1) Email verification code.
(2) SMS verification code.
(3) SMS verification code + identity card number.
(4) Images of legal identity documents (including identity cards, passports, military officer IDs, soldier IDs, police officer IDs, and foreigners' passports).
(5) Real-time video information of a foreigner.
(6) A photograph of the user holding their identity card + an image of the identity card.
(7) Verification information for the user's corresponding document produced by a verification device for identity cards, Hong Kong and Macau travel permits, Taiwan compatriot permits, or foreigner residence permits.
(8) User face image + identity card number.
(9) Digital certificate verification information.
For non-natural-person accounts, common configurations of identity authentication information include:
(1) Business license image.
(2) Digital certificate verification information.
(3) Verification information produced by an identity card verification device for the identity card of the natural-person representative (e.g., legal representative) of the non-natural person + face image information of that natural-person representative.
(4) Real-name mobile phone number + SMS verification code of the natural-person representative (e.g., legal representative) of the non-natural person.
Based on the same inventive concept, an embodiment of the present invention further provides an authentication and authorization system, as shown in fig. 4, including:
the login request receiving module M101, configured to acquire a user account, identity authentication information corresponding to the user account, and login request information for a specified service system;
the authentication and authorization module M102, configured to, if identity authentication according to the user account and the identity authentication information succeeds, authenticate whether the user account has login permission for the specified service system;
the user login information generating module M103, configured to generate user login information if the login permission authentication succeeds;
and the notification module M104, configured to send the user login information to the specified service system and publish the user login information to a blockchain, so that the specified service system searches the blockchain for user login information identical to what it received and determines, based on the search result, whether to authorize the user account to log in to the specified service system.
Optionally, the authentication and authorization module M102 is further configured to:
if identity authentication according to the user account and the identity authentication information fails, return an identity authentication information error notification to the user account.
Optionally, the user login information generating module M103 is further configured to:
if the login permission authentication fails, return a login permission error notification to the user account.
Optionally, the authentication and authorization system further comprises:
the log generation module M105, configured to generate an operation log, encrypt it with a national encryption algorithm, and store it;
and the log checking module M106, configured to respond to an operation log obtaining instruction from a management account by verifying the authorization information provided by the management account and, after verification succeeds, decrypting the operation log with the national encryption algorithm and providing it to the management account.
Optionally, the user account is a non-natural person account, and the identity authentication information is the natural person identity authentication information of the natural-person representative corresponding to the non-natural person account;
and performing identity authentication according to the user account and the identity authentication information comprises the following steps:
determining the natural-person representative corresponding to the non-natural person account;
and performing identity authentication according to the natural person identity authentication information of that natural-person representative.
Based on the same inventive concept, an embodiment of the present invention further provides a service system, as shown in fig. 5, including:
the notification receiving module M201, configured to receive user login information corresponding to a user account sent by an authentication and authorization system, where the user login information is sent by the authentication and authorization system after it has performed identity authentication based on the user account and the corresponding identity authentication information and has determined that the user account has login permission for the specified service system;
and the login module M202, configured to judge whether the received user login information exists in the blockchain and, if so, to authorize the user account to log in to the service system.
It should be noted that, in the embodiment of the present invention, the division of the modules is schematic, which is merely a logic function division, and other division manners may be implemented in actual implementation. In addition, each module in each embodiment of the present application may be integrated in one processing unit, or each module may exist alone physically, or two or more modules may be integrated in one module. The integrated modules may be implemented in hardware or in software functional units.
Because the working principles of the authentication and authorization system and the service system are the same as the service system login method applied to the authentication and authorization system and the service system login method applied to the service system, respectively, the implementation of the two systems can refer to the implementation of the corresponding methods, and the repetition is omitted.
Based on the same inventive concept, an embodiment of the present invention further provides an apparatus, as shown in fig. 6, including: a processor 110 and a memory 120 for storing instructions executable by the processor 110; wherein the processor 110 is configured to execute the instructions to implement the service system login method applied to an authentication and authorization system or to a service system.
In a specific implementation, the apparatus may include one or more processors 110, a memory 120, and a computer-readable storage medium 130, where the memory 120 and/or the computer-readable storage medium 130 includes one or more application programs 131 or data 132. One or more operating systems 133, such as Windows, macOS, Linux, iOS, Android, Unix, FreeBSD, etc., may also be included in the memory 120 and/or the computer-readable storage medium 130. The memory 120 and the computer-readable storage medium 130 may be transitory or persistent storage. The application 131 may include one or more of the modules (not shown in fig. 6), each of which may include a series of instruction operations. Still further, the processor 110 may be arranged to communicate with the computer-readable storage medium 130 and to execute, on the device, the series of instruction operations stored in the computer-readable storage medium 130. The device may also include one or more power sources (not shown in fig. 6); one or more network interfaces 140, the network interfaces 140 comprising a wired network interface 141 and/or a wireless network interface 142; and one or more input/output interfaces 143.
Based on the same inventive concept, the embodiment of the invention also provides a computer readable storage medium, wherein the computer readable storage medium stores a computer program, and the computer program is used for realizing the service system login method applied to the authentication and authorization system or the service system.
The service system login method, system, equipment and computer readable storage medium described above retain the architecture in which the service system itself is responsible for judging whether a user is allowed to log in, and controls the login according to the notification from the authentication and authorization system. The service system judges whether the user can log in by searching the blockchain for user login information identical to the user login information it received, using the fact that a blockchain is difficult to tamper with and difficult to forge to verify that the received user login information was sent by the authentication and authorization system. The notification allowing the user to log in therefore does not need to be transmitted between the service system and the authentication and authorization system in encrypted form, which reduces the coupling between the two systems, simplifies their integration, and allows the overall system architecture to be adjusted more flexibly. In addition, because the authentication and authorization system publishes the user login information to the blockchain, every login to a service system by every user is recorded, and because the user login information in the blockchain is difficult to forge or tamper with, it can later be examined as trusted evidence.
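The flow summarised above, as an added Python sketch that is not code from the patent: the authentication and authorization system authenticates, checks login permission, publishes the user login information and hands the same record to the service system, which admits the user only if an identical record is on the ledger. Assumptions: the hash-chained `Ledger` class stands in for the blockchain, the SMS-code and permission tables are constructed sample data, and the nonce with its single-use check on the service side is this example's addition (the page specifies only the ledger lookup).

```python
import hashlib
import json
import secrets
import time

GENESIS = "0" * 64

class Ledger:
    """Toy hash-chained, append-only ledger (assumption: stands in for the blockchain)."""
    def __init__(self):
        self.blocks = []

    @staticmethod
    def _digest(prev, record):
        body = json.dumps({"prev": prev, "record": record}, sort_keys=True)
        return hashlib.sha256(body.encode()).hexdigest()

    def publish(self, record):
        prev = self.blocks[-1]["hash"] if self.blocks else GENESIS
        record = dict(record)  # store a copy so callers cannot mutate the ledger
        self.blocks.append({"prev": prev, "record": record,
                            "hash": self._digest(prev, record)})

    def chain_intact(self):
        prev = GENESIS
        for block in self.blocks:
            if block["prev"] != prev or block["hash"] != self._digest(prev, block["record"]):
                return False
            prev = block["hash"]
        return True

    def contains(self, record):
        return self.chain_intact() and any(b["record"] == record for b in self.blocks)

class AuthSystem:
    """Authentication and authorization system (modules M101-M104 in the text)."""
    def __init__(self, ledger, sms_codes, permissions):
        self.ledger = ledger
        self.sms_codes = sms_codes      # constructed: account -> SMS code that was sent
        self.permissions = permissions  # constructed: account -> allowed service systems

    def handle_login_request(self, account, sms_code, system):
        expected = self.sms_codes.get(account)
        if expected is None or not secrets.compare_digest(expected, sms_code):
            return None, "identity authentication information error"
        if system not in self.permissions.get(account, set()):
            return None, "login permission error"
        info = {"account": account, "system": system,
                "issued_at": int(time.time()), "nonce": secrets.token_hex(16)}
        self.ledger.publish(info)       # release to the ledger ...
        return info, "ok"               # ... and send the same record to the service system

class ServiceSystem:
    """Service system (modules M201-M202 in the text)."""
    def __init__(self, name, ledger):
        self.name = name
        self.ledger = ledger
        self.used_nonces = set()        # this example's addition: single-use records

    def on_notification(self, info):
        if info.get("system") != self.name:
            return False                # record was issued for another system
        if not self.ledger.contains(info):
            return False                # nothing identical on the ledger: reject
        if info["nonce"] in self.used_nonces:
            return False                # already consumed: reject the repeat
        self.used_nonces.add(info["nonce"])
        return True
```

Because the ledger keeps every login record permanently, a lookup that only tests for presence would accept the same record each time it is presented; the nonce set is what makes each record usable once.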
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It will be apparent to those skilled in the art that various modifications and variations can be made in the present application without departing from the spirit or scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims and the equivalents thereof, the present application is intended to cover such modifications and variations.

Claims (10)

1. A business system login method, characterized by being applied to an authentication and authorization system and comprising the following steps:
acquiring a user account, identity authentication information corresponding to the user account, and login request information for a specified service system;
if identity authentication according to the user account and the identity authentication information succeeds, authenticating whether the user account has login permission for the specified service system;
if the login permission authentication succeeds, generating user login information;
and sending the user login information to the specified service system and publishing the user login information to a blockchain, so that the specified service system searches the blockchain for user login information identical to the received user login information and determines, based on the search result, whether to authorize the user account to log in to the specified service system.
2. The method of claim 1, wherein after obtaining the user account, the identity authentication information corresponding to the user account, and the login request information for the specified service system, the method further comprises:
and if the identity authentication fails according to the user account and the identity authentication information, returning an identity authentication information error notification to the user account.
3. The method of claim 1, wherein after authenticating whether the user account has login rights to the specified business system, the method further comprises:
and if the authentication fails, returning a login permission error notification to the user account.
4. The method of claim 1, wherein the method further comprises:
generating an operation log, encrypting it with a national encryption algorithm, and storing it;
and in response to an operation log obtaining instruction from a management account, verifying the authorization information provided by the management account and, after verification succeeds, decrypting the operation log with the national encryption algorithm and providing the operation log to the management account.
5. The method of claim 1, wherein the user account is a non-natural person account, and the identity authentication information is the natural person identity authentication information of the natural-person representative corresponding to the non-natural person account;
and performing identity authentication according to the user account and the identity authentication information comprises the following steps:
determining the natural-person representative corresponding to the non-natural person account;
and performing identity authentication according to the natural person identity authentication information of that natural-person representative.
6. A business system login method, which is characterized by being applied to a business system and comprising the following steps:
receiving user login information corresponding to a user account sent by an authentication and authorization system, wherein the user login information is sent by the authentication and authorization system after it has performed identity authentication based on the user account and the corresponding identity authentication information and has determined that the user account has login permission for the specified service system;
judging whether the received user login information exists in the blockchain, and if so, authorizing the user account to log in to the service system.
7. An authentication system, comprising:
the login request receiving module is used for acquiring a user account, identity authentication information corresponding to the user account and login request information for a specified service system;
the authentication and authorization module is used for authenticating, if identity authentication according to the user account and the identity authentication information succeeds, whether the user account has login permission for the specified service system;
the user login information generation module is used for generating user login information if the login permission authentication succeeds;
and the notification module is used for sending the user login information to the specified service system and publishing the user login information to a blockchain, so that the specified service system searches the blockchain for user login information identical to the received user login information and determines, based on the search result, whether to authorize the user account to log in to the specified service system.
8. A business system, comprising:
the notification receiving module is used for receiving user login information corresponding to a user account sent by the authentication and authorization system, wherein the user login information is sent by the authentication and authorization system after the authentication and authorization system performs identity authentication based on the user account and the corresponding identity authentication information and determines that the user account has login permission of a specified service system;
and the login module is used for judging whether the received user login information exists in the blockchain, and if so, authorizing the user account to log in to the service system.
9. An apparatus, comprising: a processor and a memory for storing instructions executable by the processor;
wherein the processor is configured to execute the instructions to implement a service system login method for an authentication and authorization system according to any one of claims 1 to 5 or to implement a service system login method for a service system according to claim 6.
10. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program for implementing a service system login method applied to an authentication and authorization system according to any one of claims 1 to 5 or for implementing a service system login method applied to a service system according to claim 6.
CN202111617006.XA 2021-12-27 2021-12-27 Service system login method, system, equipment and computer readable storage medium Pending CN116361766A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111617006.XA CN116361766A (en) 2021-12-27 2021-12-27 Service system login method, system, equipment and computer readable storage medium

Publications (1)

Publication Number Publication Date
CN116361766A true CN116361766A (en) 2023-06-30

Family

ID=86914456

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111617006.XA Pending CN116361766A (en) 2021-12-27 2021-12-27 Service system login method, system, equipment and computer readable storage medium

Country Status (1)

Country Link
CN (1) CN116361766A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination