CN116401638A - Single sign-on method, device, equipment and storage medium - Google Patents

Publication number
CN116401638A
Authority
CN
China
Prior art keywords
verification
data
login
user
identification number
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310385830.XA
Other languages
Chinese (zh)
Inventor
张同涛
张闯胜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ziguang Computer Technology Co Ltd
Original Assignee
Ziguang Computer Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ziguang Computer Technology Co Ltd
Priority to CN202310385830.XA
Publication of CN116401638A
Legal status: Pending

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31: User authentication
    • G06F21/41: User authentication where a single sign-on provides access to a plurality of computers
    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00: Reducing energy consumption in communication networks
    • Y02D30/70: Reducing energy consumption in communication networks in wireless communication networks

Abstract

The invention discloses a single sign-on method, a device, equipment and a storage medium, comprising the following steps: receiving encrypted user data sent by an office system in response to a login request, wherein the encrypted user data is obtained by encryption based on a preset public key; decrypting the encrypted user data based on a preset private key to obtain decrypted user data, verifying the decrypted user data, and determining a user verification result; when the user verification result is that verification is passed, generating an authorization identification number, and sending the authorization identification number to the office system; and receiving verification data sent by the office system, and verifying the verification data to determine a login result of the EBS system, wherein the verification data comprises the authorization identification number. The method can prevent login requests initiated by illegitimate office systems, and improves the security of logging in to the EBS system through two rounds of verification.

Description

Single sign-on method, device, equipment and storage medium
Technical Field
The present invention relates to the field of network technologies, and in particular, to a single sign-on method, device, equipment, and storage medium.
Background
Oracle ERP (enterprise resource planning) is a suite of software for managing daily business activities, including accounting, purchasing, project management, risk management and compliance, supply chain operations, and the like. Enterprises in various industries use Oracle ERP to manage production, manufacturing, cost, payables and other financial systems, in which much of the enterprise's core data is stored.
As society develops and enterprise business changes, enterprises have a new understanding of, and new requirements for, managing their internal accounts, and data interaction requires unified management of account authentication across systems, including the ERP accounts. One example is single sign-on (SSO) involving ERP, in which a user signs on only once to access mutually trusted applications. For enterprises using Oracle ERP, unified management of Oracle ERP accounts requires purchasing the electronic commerce suite (Oracle E-Business Suite) and the code scheme provided by Oracle, which may not meet the needs of enterprises with higher security requirements.
Disclosure of Invention
In view of this, the embodiments of the present invention provide a single sign-on method, apparatus, device and storage medium, so as to meet the requirements of different enterprises for single sign-on.
According to a first aspect, an embodiment of the present invention provides a single sign-on method, applied to an EBS system, including:
receiving encrypted user data sent by an office system in response to a login request, wherein the encrypted user data is obtained by encryption based on a preset public key;
decrypting the encrypted user data based on a preset private key to obtain decrypted user data, verifying the decrypted user data, and determining a user verification result;
when the user verification result is that verification is passed, generating an authorization identification number, and sending the authorization identification number to the office system;
and receiving verification data sent by the office system, and verifying the verification data to determine a login result of the EBS system, wherein the verification data comprises an authorized identification number.
The single sign-on method provided by the embodiment of the invention is applied to an EBS system. In response to a login request from the office system, the EBS system receives and verifies the encrypted user data sent by the office system, sends an authorization identification number to the office system after verification is passed, and then receives verification data containing the authorization identification number, from which the login result of the EBS system is determined. The method can prevent login requests initiated by illegitimate office systems, and improves the security of logging in to the EBS system through two rounds of verification.
In some embodiments, the decrypting the encrypted user data based on the preset private key to obtain decrypted user data includes:
acquiring a preset private key and storing the preset private key;
calling a preset private key based on the received encrypted user data;
and decrypting the encrypted user data based on the preset private key to obtain decrypted user data.
In some embodiments, the verifying the decrypted user data, determining a user verification result, includes:
presetting a user information database, wherein the decrypted user data comprises a user name;
searching the user name in the user information database, and when the user name exists in the user information database, determining that the user verification result is verification passing.
In some embodiments, receiving the verification data sent by the office system and verifying the verification data to determine a login result of the EBS system includes:
presetting an identification number database;
receiving verification data sent by the office system, and verifying an authorized identification number in the verification data based on an identification number database within preset time to obtain an identification number verification result;
and determining login when the identification number verification result is that verification is passed.
In some embodiments, the verifying the authorized identification number in the verification data based on the identification number database within the preset time, after obtaining the identification number verification result, further includes:
and when the identification number verification result is verification failure, displaying a login failure interface.
In some embodiments, when the office system is connected to a single point management system, the method further comprises:
receiving encrypted login data sent by a single point management system;
decrypting the encrypted login data based on a preset algorithm to obtain decrypted login data;
sending the decrypted login data to the single point management system, and obtaining a verification result of the single point management system on the decrypted login data;
and determining the login result of the EBS system based on the verification result.
In some embodiments, the determining a login result of the EBS system based on the verification result includes:
and displaying a login failure interface when the verification result is verification failure.
According to a second aspect, an embodiment of the present invention provides a single sign-on device, including:
the data receiving module is used for responding to the login request and receiving encrypted user data sent by the office system, wherein the encrypted user data is obtained by encryption based on a preset public key;
the data decryption module is used for decrypting the encrypted user data based on a preset private key to obtain decrypted user data, verifying the decrypted user data and determining a user verification result;
the identification sending module is used for sending an authorization identification number to the office system when the user verification result is that verification is passed;
and the login determining module is used for receiving the verification data sent by the office system and verifying the verification data to determine the login result of the EBS system, wherein the verification data comprises an authorized identification number.
According to a third aspect, an embodiment of the present invention provides an electronic device, including: the system comprises a memory and a processor, wherein the memory and the processor are in communication connection, the memory stores computer instructions, and the processor executes the computer instructions, so as to execute the single sign-on method in the first aspect or any implementation manner of the first aspect.
According to a fourth aspect, an embodiment of the present invention provides a computer readable storage medium storing computer instructions for causing a computer to perform the single sign-on method of the first aspect or any implementation manner of the first aspect.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are needed in the description of the embodiments or the prior art will be briefly described, and it is obvious that the drawings in the description below are some embodiments of the present invention, and other drawings can be obtained according to the drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart of a single sign-on method according to an embodiment of the invention;
FIG. 2 is a flow chart of a single sign-on method according to an embodiment of the invention;
FIG. 3 is a flow chart of a single sign-on method according to an embodiment of the invention;
FIG. 4 is a schematic diagram of a single sign-on device according to an embodiment of the invention;
FIG. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments of the present invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The single sign-on method provided by the embodiment of the invention is applied to an EBS (electronic commerce suite) system, which is an ERP product. The EBS system can be connected directly to an office system (such as an OA system) or to a single sign-on (SSO) management system, so that single sign-on is realized in either situation. The method is described below through specific examples.
In accordance with an embodiment of the present invention, a single sign-on method embodiment is provided, it being noted that the steps illustrated in the flowchart of the figures may be performed in a computer system, such as a set of computer executable instructions, and, although a logical order is illustrated in the flowchart, in some cases, the steps illustrated or described may be performed in an order other than that illustrated herein.
In this embodiment, a single sign-on method is provided and applied to an EBS system. FIG. 1 is a flowchart of the single sign-on method according to an embodiment of the present invention. As shown in FIG. 1, the flow includes the following steps:
S11, receiving encrypted user data sent by the office system in response to the login request, wherein the encrypted user data is obtained by encryption based on a preset public key.
The login request is initiated by a user in an office system (for example, an office automation system, abbreviated as OA). Specifically, after logging in to the office system, the user clicks a link to the E-Business Suite (abbreviated as EBS) system on an office system page, which initiates the login request to the EBS system. The enterprise in this embodiment has not purchased a single point management system, so when the office system initiates the login request it encrypts the user data with the public key pre-deployed in the office system, that is, the preset public key. Encryption yields the encrypted user data. The user data comprises the user name entered when the user logged in to the office system, the time at which the single sign-on request was initiated, and the source system of the single sign-on request.
S12, decrypting the encrypted user data based on a preset private key to obtain decrypted user data, verifying the decrypted user data, and determining a user verification result.
The preset private key and the preset public key are a key pair generated with the RSA encryption algorithm during program deployment, and the preset private key is deployed on the EBS server in advance. After the encrypted user data is received, the preset private key on the server is called and used to decrypt the encrypted user data, yielding the decrypted user data. The decrypted user data is then checked for legitimacy to obtain the user verification result, which is either verification passed or verification failed. The specific verification method is not limited here; for example, the database may be searched to check whether the user's name is stored in it. If verification fails, the decrypted user data is not legitimate, the EBS server cannot be logged in to, and a prompt message may be returned indicating that login was refused.
S13, when the user verification result is that the verification is passed, generating an authorization identification number, and transmitting the authorization identification number to the office system.
When the user verification result is that verification is passed, an authorization identification number is generated for each login request sent by the user, that is, the user obtains a new authorization identification number at every login. The authorization identification number is sent to the office system via a preset interface (e.g., a RESTful API interface).
If a plurality of users initiate login requests to the EBS system at the same time, a different authorization identification number is sent to each user. The way the authorization identification number is generated is not limited in this embodiment; for example, it may be a temporary ciphertext string obtained by combining the RSA encryption algorithm with the MD5 message-digest algorithm.
S14, receiving verification data sent by the office system, and verifying the verification data to determine a login result of the EBS system, wherein the verification data comprises the authorization identification number.
After the office system receives the authorization identification number, the office system initiates an access request to the EBS system again with verification data, wherein the verification data comprises the authorization identification number and can also comprise information such as a user name of a login user. After the EBS system receives the verification data, the verification data is verified, including verification of the authorization identification number and other user information in the verification data. The means for verifying the authorization identification number includes verification by a database, and the specific verification means is not limited herein. If the verification is passed, the login of the EBS system can be accepted, and the login result is that the login is successful. If the verification is not passed, the login result is login failure.
The single sign-on method provided by the embodiment of the invention is applied to an EBS system. In response to a login request from the office system, the EBS system receives and verifies the encrypted user data sent by the office system, sends an authorization identification number to the office system after verification is passed, and then receives verification data containing the authorization identification number, from which the login result of the EBS system is determined. The method can prevent login requests initiated by illegitimate office systems, and improves the security of logging in to the EBS system through two rounds of verification.
In some embodiments, the decrypting the encrypted user data based on the preset private key in S12 in FIG. 1, to obtain decrypted user data includes the following steps:
S21, acquiring a preset private key and storing the preset private key;
S22, calling a preset private key based on the received encrypted user data;
S23, decrypting the encrypted user data based on the preset private key to obtain decrypted user data.
In this embodiment, a key pair may be generated based on the RSA algorithm, and the preset private key is stored on a server of the EBS system at program deployment. After the encrypted user data sent by the office system is received, the preset private key on the server is called to decrypt it, yielding the user data in plaintext form.
In some embodiments, the step S12 in FIG. 1 of verifying the decrypted user data, determining a user verification result includes the steps of:
S31, presetting a user information database, wherein the decrypted user data comprises a user name;
S32, searching the user name in the user information database, and when the user name exists in the user information database, determining that the user verification result is verification pass.
The user information database stores all the user names that may access the EBS system. It is stored in advance on the server of the EBS system and is updated after each user registration. The office system encrypts data such as the user name, the single-point request time and the single-point request source system; the EBS system decrypts the encrypted data based on a preset key to obtain the decrypted user data and extracts the user name. The user name is then searched for in the user information database stored on the server of the EBS system. If the user name exists in the database, the user was registered in advance, and the user verification result is determined to be verification passed. If the user name is not found, it was not stored in the user information database in advance, the user cannot log in to the EBS system, and a message that login is not possible may be displayed on the page.
In some embodiments, S14 in FIG. 1 includes the steps of:
S41, presetting an identification number database;
S42, receiving verification data sent by the office system, and verifying the authorized identification numbers in the verification data based on an identification number database within preset time to obtain an identification number verification result;
S43, when the identification number verification result is that verification is passed, determining login.
All authorization identification numbers can be generated based on a hybrid encryption algorithm. The identification number database stores every generated authorization identification number and is kept on a server of the EBS system. When user data passes verification, the authorization identification number is sent to the office system. The EBS system then receives the verification data sent by the office system, which carries the authorization identification number, searches the identification number database for that number, and judges whether its validity period has expired. A generated authorization identification number is time-limited; for example, its validity period is set to 3 minutes. If the authorization identification number exists in the identification number database and is within the 3-minute validity period, the identification number verification result is determined to be verification passed, success information is returned to the office system, and the user can log in to the EBS system.
In some embodiments, when the identification number verification result is verification failure, a login failure interface is displayed.
The login failure interface displays error information. If the authorization identification number is invalid, the interface gives an invalid authorization identification number as the reason for the login failure, which indicates a problem with the single sign-on requester; the authorization identification number needs to be obtained again.
In the method of this embodiment, if an office system presents a forged authorization identification number, verification fails at the second verification, so that the security of the EBS login is ensured.
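The EBS-side checks of S12 to S14 (with S31-S32 and S41-S43), sketched as an added example that is not code from the patent or its applicant. RSA decryption is assumed to have happened already; the field names, the source-system allowlist, the request-time freshness window and single-use redemption are assumptions added here, and the identifier comes from a CSPRNG rather than the RSA/MD5 mix the description mentions.

```python
import secrets
import time

AUTH_ID_TTL_SECONDS = 180      # the description's example validity period (3 minutes)
MAX_REQUEST_AGE_SECONDS = 60   # assumption: how stale the request time may be
KNOWN_USERS = {"zhang.san", "li.si"}   # constructed stand-in for the user information database
TRUSTED_SOURCES = {"OA"}               # assumption: allowlist of request source systems


class EbsLoginVerifier:
    """In-memory stand-in for the EBS-side checks and the identification number database."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._issued = {}  # authorization id -> (user name, expiry timestamp)

    def first_verification(self, user_data):
        """S12/S13: validate decrypted user data; return a new authorization id or None."""
        now = self._clock()
        name = user_data.get("user_name")
        source = user_data.get("source_system")
        sent = user_data.get("request_time")
        if not isinstance(name, str) or name not in KNOWN_USERS:
            return None                      # S32: user name must exist in the database
        if not isinstance(source, str) or source not in TRUSTED_SOURCES:
            return None                      # assumption: reject unknown source systems
        if not isinstance(sent, (int, float)) or abs(now - sent) > MAX_REQUEST_AGE_SECONDS:
            return None                      # assumption: reject stale or replayed ciphertext
        # Drop expired entries so the store cannot grow without bound.
        self._issued = {k: v for k, v in self._issued.items() if v[1] >= now}
        auth_id = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG, new per request
        self._issued[auth_id] = (name, now + AUTH_ID_TTL_SECONDS)
        return auth_id

    def second_verification(self, verification_data):
        """S14/S41-S43: redeem an authorization id; return (logged_in, reason)."""
        presented = verification_data.get("authorization_id")
        if not isinstance(presented, str):
            return False, "unknown authorization identification number"
        # pop() makes redemption single use: a replayed id is no longer in the store.
        record = self._issued.pop(presented, None)
        if record is None:
            return False, "unknown authorization identification number"
        user_name, expires_at = record
        if self._clock() > expires_at:
            return False, "expired authorization identification number"
        if verification_data.get("user_name") != user_name:
            return False, "user name does not match authorization identification number"
        return True, "login accepted"


if __name__ == "__main__":
    ebs = EbsLoginVerifier()
    # Constructed sample of decrypted user data (user name, request time, source system).
    data = {"user_name": "zhang.san", "request_time": time.time(), "source_system": "OA"}
    auth_id = ebs.first_verification(data)
    check = {"authorization_id": auth_id, "user_name": "zhang.san"}
    print(ebs.second_verification(check))   # first redemption
    print(ebs.second_verification(check))   # replay of the same id
```

Binding the identifier to the user name it was issued for means a number obtained for one account cannot be redeemed for another, and a mismatch consumes the number.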
In some embodiments, when the office system is connected to a single point management system, the method of FIG. 1 further comprises:
S51, receiving encrypted login data sent by the single point management system.
In this embodiment, the office system is connected to the single point management system, that is, the enterprise has purchased the service of a single point management system. In general, the single point management system manages all single-point authority information in the enterprise: all of a user's login information, session information, authority information and the like are managed uniformly by the single point management system, and the office system cannot make a direct single-point connection to the EBS system.
When a user needs to log in to the EBS system, the user first accesses the single point management system, carrying the login address of the target EBS system; the login address of the EBS system is preset in the office system as required. The single point management system first verifies the login address of the EBS system and the session information, and determines whether the user is already logged in. If the user is not logged in, a login interface of the single point management system is displayed first, and the user needs to log in to the single point management system first.
After the user logs in to the single point management system, the single point management system sends an access request to the EBS system at the login address of the EBS system and sends encrypted login data to the EBS system. The single point management system encrypts the login data according to a preset algorithm to obtain the encrypted login data, and the login data comprises the user name of the user. In this embodiment, the login data may be encrypted with an encryption algorithm of the national cipher SM series; in actual use the encryption mode may be set according to actual requirements, and is not limited here.
S52, decrypting the encrypted login data based on a preset algorithm to obtain decrypted login data.
The preset algorithm corresponds to an algorithm adopted when the single point management system encrypts data, the EBS system decrypts the encrypted login data according to the preset algorithm, and the encrypted login data of the ciphertext is converted into decrypted login data in a plaintext form.
S53, sending the decrypted login data to the single point management system, and obtaining a verification result of the single point management system on the decrypted login data.
The decrypted login data comprises a user name. The EBS system, carrying the decrypted login data, initiates reverse verification with the single point management system and obtains the single point management system's verification result for the decrypted login data.
S54, determining the login result of the EBS system based on the verification result.
If the verification result is that the verification is passed, login to the EBS system is completed.
In the method provided by this embodiment, because the office system is connected to the single point management system, a user accesses the single point management system when logging in, and the single point management system and the EBS system carry out data transmission and session management through the agreed encryption algorithm and interaction mode, so that login to the EBS system is realized. The two-way verification guards against leakage of the single point management system's encryption algorithm and against false requests caused by hijacking by other programs, and improves the single sign-on security of the EBS system when a single point management system is in place.
In some embodiments, S54 comprises: and displaying a login failure interface when the verification result is verification failure.
If verification by the single point management system fails, a verification-failure prompt is shown, or the user is returned to the single sign-on platform, and the login request can be initiated again.
The single sign-on method provided by the embodiment of the invention can handle both situations, an enterprise that has purchased a single point management system and one that has not. After a single sign-on request, the received encrypted data is first parsed based on a preset algorithm to recover the plaintext data, and the validity of the plaintext data is verified to judge whether the data is legitimate. If the data is not legitimate, invalid information is returned to the system that initiated the request; if the data is legitimate, the user can log in to the EBS system and information that verification succeeded is returned to the system that initiated the request. The encryption algorithm supports the RSA algorithm, AES algorithm, SM algorithm and the like.
In a specific implementation manner, the single point management manner described in this embodiment is applied to a ZG EBS system where the enterprise has not purchased a single point management system. The flow is shown in FIG. 2, taking the OA system as an example of the office system. The user first logs in to the OA system by entering a user name and password, and may then click a link in the OA system, which may be presented as a picture or as text in the OA system interface, so that the OA system initiates a single-point request to the ZG EBS. The ZG EBS first parses the encrypted user data to obtain the decrypted user data, performs a first verification on the decrypted user data, and after the verification passes sends authorization information, which includes an authorization identification number, to the OA system. The OA system accesses the ZG EBS again carrying the authorization identification number, the ZG EBS performs a second verification on the authorization identification number and the user name, and after the verification passes the user can log in to the ZG EBS. If the result of the first verification or the second verification is verification failure, error information is returned to the OA system to indicate login failure.
In a specific implementation manner, the single point management manner described in this embodiment is applied to a ZG EBS system where the enterprise has purchased a single point management system. The flow is shown in FIG. 3, taking the OA system as the office system. The user first logs in to the OA system. If the user is not logged in, the user is first redirected to the single point management system to log in; if the user is logged in, the single point management system is accessed. After receiving a single sign-on request, the ZG EBS system performs at least three handshakes with the single point management system for data exchange and security verification, and after the verification passes, login is realized.
With the single sign-on method provided by the invention, the specific code is controllable, the data encryption algorithm can be replaced according to different security requirements, both international mainstream encryption algorithms and the domestic SM encryption algorithms are supported, the single-point management requirements of most mainstream enterprise office systems are supported, and specific functions in the EBS system can be opened directly from peripheral office systems. Specifically, each form, report, etc. in the EBS system is a function with a unique name; the function name only needs to be given to the office system and passed to the EBS system according to the agreed parameters. If the user wants to open the sales order interface of the EBS system directly from the office system and automatically find the current sales order information, the sales order information only needs to be passed to the EBS system according to the agreed parameters.
The EBS system provided by the invention also supports a bill mode, a SAML mode and an OAuth2.0 mode.
The EBS system can track single sign-on activity in real time: it records each single sign-on request, and a database in the server of the EBS system stores the time and the login time of each request access, so that all login activity can be reviewed conveniently.
The single sign-on method provided by the invention can invalidate a single sign-on user at any time. Taking a financial system as an example, when a financial user's login is abnormal and it cannot be determined whether the single point management system or the EBS system has a security problem, the login authority of the financial user can be set at that moment, thereby invalidating the single sign-on user.
In this embodiment, a single sign-on device is further provided. The device is used to implement the foregoing embodiments and implementations, and what has already been described will not be repeated. As used below, the term "module" may be a combination of software and/or hardware that implements a predetermined function. While the means described in the following embodiments are preferably implemented in software, implementation in hardware, or a combination of software and hardware, is also possible and contemplated.
The present embodiment provides a single sign-on device, as shown in fig. 4, including:
the data receiving module is used for responding to the login request and receiving encrypted user data sent by the office system, wherein the encrypted user data is obtained by encryption based on a preset public key;
the data decryption module is used for decrypting the encrypted user data based on a preset private key to obtain decrypted user data, verifying the decrypted user data and determining a user verification result;
the identification sending module is used for sending an authorized identification number to the office system when the user verification result is that the verification is passed;
and the login determining module is used for receiving the verification data sent by the office system and verifying the verification data to determine the login result of the EBS system, wherein the verification data comprises an authorized identification number.
In some embodiments, the data decryption module includes:
the private key acquisition unit is used for acquiring a preset private key and storing the preset private key;
the private key calling unit is used for calling a preset private key based on the received encrypted user data;
and the data decryption unit is used for decrypting the encrypted user data based on the preset private key to obtain decrypted user data.
In some embodiments, the data decryption module includes:
the user data presetting unit is used for presetting a user information database, and the decrypted user data comprises a user name;
and the user verification unit is used for searching the user name in the user information database, and when the user name exists in the user information database, the user verification result is that the verification is passed.
In some embodiments, the login determination module comprises:
the identification number database setting unit is used for presetting an identification number database;
the data receiving unit is used for receiving verification data sent by the office system, and verifying the authorized identification number in the verification data based on the identification number database within a preset time to obtain an identification number verification result;
and the identification number verification unit is used for determining login when the identification number verification result is that verification is passed.
In some embodiments, the login determination module further comprises:
and the first verification failure unit is used for displaying a login failure interface when the identification number verification result is verification failure.
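An added example, not code from the patent: a minimal EBS-side store for the authorization identification number that is issued after the first verification and checked, together with the user name, in the second verification, with the per-request record and user invalidation described earlier. The class and method names, the 60-second preset time, hashing of the stored identification number, and single-use redemption are assumptions; the patent only specifies verification against an identification number database within a preset time.

```python
import hashlib
import secrets
import time


class AuthorizationIdStore:
    """EBS-side 'identification number database' (hypothetical name)."""

    def __init__(self, ttl_seconds=60, clock=time.monotonic):
        self.ttl = ttl_seconds        # the "preset time"; 60 s is an assumed value
        self.clock = clock            # injectable so expiry can be exercised
        self._pending = {}            # sha256(id) -> (user_name, expires_at)
        self.disabled_users = set()   # users whose single sign-on was invalidated
        self.audit = []               # (wall-clock time, user_name, event)

    @staticmethod
    def _digest(auth_id):
        # Assumption: keep only a hash, so a copy of the table holds no live ids.
        return hashlib.sha256(auth_id.encode()).hexdigest()

    def issue(self, user_name):
        """Run after the first verification passes; returns the id sent to the OA."""
        if user_name in self.disabled_users:
            self._log(user_name, "issue-refused-disabled")
            return None
        auth_id = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG
        self._pending[self._digest(auth_id)] = (user_name, self.clock() + self.ttl)
        self._log(user_name, "issued")
        return auth_id

    def redeem(self, auth_id, user_name):
        """Second verification: id is known, unexpired, unused and bound to the user."""
        # pop() consumes the id on every attempt, so it cannot be retried or replayed.
        entry = self._pending.pop(self._digest(auth_id), None)
        if entry is None:
            return self._fail(user_name, "unknown-or-reused")
        bound_user, expires_at = entry
        if self.clock() > expires_at:
            return self._fail(user_name, "expired")
        if not secrets.compare_digest(bound_user.encode(), user_name.encode()):
            return self._fail(user_name, "user-mismatch")
        if user_name in self.disabled_users:
            return self._fail(user_name, "disabled")
        self._log(user_name, "login-ok")
        return True

    def _fail(self, user_name, reason):
        self._log(user_name, "login-failed:" + reason)
        return False

    def _log(self, user_name, event):
        self.audit.append((time.time(), user_name, event))
```

Binding the identification number to the user name it was issued for is what makes the second verification more than a lookup: a number intercepted in transit is useless for any other account, and after one attempt it is useless altogether.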
In some embodiments, when the office system is connected to a single point management system, the apparatus further comprises:
the login data receiving unit is used for receiving encrypted login data sent by the single point management system;
the login data decryption unit is used for decrypting the encrypted login data based on a preset algorithm to obtain decrypted login data;
the login data sending unit is used for sending the decrypted login data to the single point management system and obtaining a verification result of the single point management system on the decrypted login data;
and the login result determining unit is used for determining the login result of the EBS system based on the verification result.
In some embodiments, the login result determining unit includes:
and the verification failure subunit is used for displaying a login failure interface when the verification result is verification failure.
The single sign-on device in this embodiment is presented in the form of functional units, where the units refer to ASIC circuits, processors and memories executing one or more software or firmware programs, and/or other devices that can provide the functionality described above.
Further functional descriptions of the above respective modules are the same as those of the above corresponding embodiments, and are not repeated here.
The embodiment of the invention also provides an electronic device, which is provided with the single sign-on device shown in fig. 4.
Referring to fig. 5, fig. 5 is a schematic structural diagram of an electronic device according to an alternative embodiment of the present invention. As shown in fig. 5, the electronic device may include at least one processor 601, such as a CPU (Central Processing Unit), at least one communication interface 603, a memory 604, and at least one communication bus 602. The communication bus 602 is used to enable connection and communication between these components. The communication interface 603 may include a display screen (Display) and a keyboard (Keyboard); optionally, the communication interface 603 may further include a standard wired interface and a wireless interface. The memory 604 may be a high-speed RAM (Random Access Memory, volatile random access memory) or a non-volatile memory, such as at least one disk memory. Optionally, the memory 604 may also be at least one storage device located remotely from the processor 601. The processor 601 may be combined with the apparatus described in connection with fig. 4; an application program is stored in the memory 604, and the processor 601 invokes the program code stored in the memory 604 to perform any of the method steps described above.
The communication bus 602 may be a peripheral component interconnect (PCI) bus or an extended industry standard architecture (EISA) bus, among others. The communication bus 602 may be divided into an address bus, a data bus, a control bus, and the like. For ease of illustration, only one thick line is shown in fig. 5, but this does not mean that there is only one bus or one type of bus.
The memory 604 may comprise volatile memory, such as random-access memory (RAM); it may also include non-volatile memory, such as flash memory, a hard disk drive (HDD) or a solid-state drive (SSD); the memory 604 may also include a combination of the types of memory described above.
The processor 601 may be a central processing unit (CPU), a network processor (NP), or a combination of a CPU and an NP.
The processor 601 may further comprise a hardware chip. The hardware chip may be an application-specific integrated circuit (ASIC), a programmable logic device (PLD), or a combination thereof. The PLD may be a complex programmable logic device (CPLD), a field-programmable gate array (FPGA), generic array logic (GAL), or any combination thereof.
Optionally, the memory 604 is also used for storing program instructions. The processor 601 may invoke program instructions to implement a single sign-on method as shown in the embodiments of the present application.
The embodiment of the invention also provides a non-transitory computer storage medium, which stores computer executable instructions, and the computer executable instructions can execute the single sign-on method in any of the above method embodiments. The storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM), a random access memory (RAM), a flash memory, a hard disk drive (HDD), or a solid-state drive (SSD); the storage medium may also comprise a combination of memories of the kind described above.
Although embodiments of the present invention have been described in connection with the accompanying drawings, various modifications and variations may be made by those skilled in the art without departing from the spirit and scope of the invention, and such modifications and variations fall within the scope of the invention as defined by the appended claims.

Claims (10)

1. A single sign-on method applied to an EBS system, comprising:
receiving encrypted user data sent by an office system in response to a login request, wherein the encrypted user data is obtained by encryption based on a preset public key;
decrypting the encrypted user data based on a preset private key to obtain decrypted user data, verifying the decrypted user data, and determining a user verification result;
when the user verification result is that verification is passed, generating an authorization identification number, and sending the authorization identification number to the office system;
and receiving verification data sent by the office system, and verifying the verification data to determine a login result of the EBS system, wherein the verification data comprises an authorized identification number.
2. The method of claim 1, wherein decrypting the encrypted user data based on the predetermined private key to obtain decrypted user data comprises:
acquiring a preset private key and storing the preset private key;
calling a preset private key based on the received encrypted user data;
and decrypting the encrypted user data based on the preset private key to obtain decrypted user data.
3. The method of claim 2, wherein said verifying said decrypted user data, determining a user verification result, comprises:
presetting a user information database, wherein the decrypted user data comprises a user name;
searching the user name in the user information database, and when the user name exists in the user information database, determining that the user verification result is verification passing.
4. The method of claim 1, wherein the receiving the verification data sent by the office system and verifying the verification data to determine the login result of the EBS system comprises:
presetting an identification number database;
receiving verification data sent by the office system, and verifying an authorized identification number in the verification data based on an identification number database within a preset time to obtain an identification number verification result;
and determining login when the identification number verification result is that verification is passed.
5. The method according to claim 4, wherein the verifying the authorized identification number in the verification data based on the identification number database within the preset time, after obtaining the identification number verification result, further comprises:
and when the identification number verification result is verification failure, displaying a login failure interface.
6. The method of claim 1, wherein when the office system is connected to a single point management system, the method further comprises:
receiving encrypted login data sent by a single point management system;
decrypting the encrypted login data based on a preset algorithm to obtain decrypted login data;
sending the decrypted login data to the single point management system, and obtaining a verification result of the single point management system on the decrypted login data;
and determining the login result of the EBS system based on the verification result.
7. The method of claim 6, wherein the determining a login result of the EBS system based on the verification result comprises:
and displaying a login failure interface when the verification result is verification failure.
8. A single sign-on device, comprising:
the data receiving module is used for responding to the login request and receiving encrypted user data sent by the office system, wherein the encrypted user data is obtained by encryption based on a preset public key;
the data decryption module is used for decrypting the encrypted user data based on a preset private key to obtain decrypted user data, verifying the decrypted user data and determining a user verification result;
the identification sending module is used for sending an authorized identification number to the office system when the user verification result is that the verification is passed;
and the login determining module is used for receiving the verification data sent by the office system and verifying the verification data to determine the login result of the EBS system, wherein the verification data comprises an authorized identification number.
9. An electronic device, comprising:
a memory and a processor communicatively coupled to each other, the memory having stored therein computer instructions that, upon execution, cause the processor to perform the single sign-on method of any of claims 1-7.
10. A computer readable storage medium having stored thereon computer instructions for causing a computer to perform the single sign-on method of any one of claims 1-7.
CN202310385830.XA 2023-04-11 2023-04-11 Single sign-on method, device, equipment and storage medium Pending CN116401638A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310385830.XA CN116401638A (en) 2023-04-11 2023-04-11 Single sign-on method, device, equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310385830.XA CN116401638A (en) 2023-04-11 2023-04-11 Single sign-on method, device, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN116401638A true CN116401638A (en) 2023-07-07

Family

ID=87011989

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310385830.XA Pending CN116401638A (en) 2023-04-11 2023-04-11 Single sign-on method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN116401638A (en)

Similar Documents

Publication Publication Date Title
US10904234B2 (en) Systems and methods of device based customer authentication and authorization
US20190116038A1 (en) Attestation With Embedded Encryption Keys
US9537836B2 (en) System and method for secured content delivery
CN109274652B (en) Identity information verification system, method and device and computer storage medium
US11818120B2 (en) Non-custodial tool for building decentralized computer applications
CN110535648B (en) Electronic certificate generation and verification and key control method, device, system and medium
US8095972B1 (en) Secure authentication for web-based applications
KR20170129866A (en) Automated demonstration of device integrity using block chains
US11374767B2 (en) Key-based authentication for backup service
CN104574176A (en) USBKEY-based secure online tax declaration method
CN110535807B (en) Service authentication method, device and medium
CN110472426B (en) Method for scanning, encrypting and decrypting bid document instead of real object U shield
CN105306423B (en) Unified login method for distribution Web web station system
US20180227288A1 (en) Password security
US20220103531A1 (en) Methods and systems for secure cross-platform token exchange
US20090083739A1 (en) Network resource access control methods and systems using transactional artifacts
CN109495458A (en) A kind of method, system and the associated component of data transmission
JP2007060581A (en) Information management system and method
TWI698113B (en) Identification method and systerm of electronic device
CN114861144A (en) Data authority processing method based on block chain
CN116401638A (en) Single sign-on method, device, equipment and storage medium
TWM580720U (en) System for assisting a network service user in setting password for the first time
US11968206B2 (en) Non-custodial tool for building decentralized computer applications
CN112019486B (en) Data association method and device based on block chain and computing equipment
EP3972216A1 (en) Information system for the integration of digital certificates and method for operating said information system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination