CN116599777B - Multi-terminal multi-stage authentication method - Google Patents

Publication number
CN116599777B
Authority
CN
China
Prior art keywords
authentication
server
application
request
application server
Legal status
Active
Application number
CN202310880110.0A
Other languages
Chinese (zh)
Other versions
CN116599777A (en)
Inventor
陈强
王达
罗鑫
Current Assignee
Beijing Zhongke Flux Technology Co ltd
Original Assignee
Beijing Ruixin High Throughput Technology Co ltd
Application filed by Beijing Ruixin High Throughput Technology Co ltd
Priority to CN202310880110.0A
Publication of CN116599777A
Application granted
Publication of CN116599777B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105: Multiple levels of security
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • H04L9/3226: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/40: Network security protocols

Abstract

The invention discloses a multi-terminal multi-stage authentication and authorization method applied to a distributed system comprising a Web server and a plurality of application servers. The method comprises the following steps: S1: an authentication module is arranged in the Web server; the authentication module groups the application servers, a corresponding authentication server is set for each group of application servers, and a corresponding priority is set for each authentication server; S2: any client sends a request to the Web server, and the authentication module of the Web server matches the request to the authentication server of the group containing the requested application server for authentication; S3: the client obtains the corresponding resources from the requested application server using the authentication password; S4: the requested application server sends the authentication password to the corresponding authentication server for authentication and authority control.

Description

Multi-terminal multi-stage authentication method
Technical Field
The invention relates to the technical field of server management, in particular to a multi-terminal multi-stage authentication and authorization method, and more particularly to a scheme for authentication and authorization across multiple servers and multiple importance levels.
Background
In enterprise applications, and particularly under a micro-service architecture, enterprise platform services are split into separate blocks. A secure, unified and standardized account management system is indispensable: it is an important piece of infrastructure for an enterprise Internet cloud platform, gives the platform unified basic capabilities such as account management, identity authentication and user authorization, gives the enterprise basic capabilities such as cross-system single sign-on and third-party authorized sign-on, and provides the necessary conditions for building an open platform and a business ecosystem.
Standardized account management systems typically include four components: authentication, authorization, authentication of rights (verification), and rights control. Authentication means the logging-in user provides the information needed to establish their identity; authorization is the resource owner granting the executor (the logged-in user) operation rights over a specified range of resources; authentication of rights is the process of confirming that the identity and rights held by an executor are genuine; rights control means combining the executable operations into a permission list and then allowing or intercepting each operation according to the executor's permissions. Therefore, when an enterprise builds a standardized account management system, authentication and verification between all the blocks must be performed efficiently, and the whole flow from authentication to rights control must be secure, so that the system can resist system breakdown and data leakage caused by malicious network attacks.
Currently, enterprises often use APIs to connect services and transfer data. Typically, an API request goes to the authentication server for user authentication and authorization before it reaches the application server to request a resource. Among the available schemes, JWT (JSON Web Token) is a standard authentication solution. It works as follows:
1) The user requests authentication from the authentication server using the user name and password;
2) The authentication server verifies the user name and the password, generates a JWT Token (Token), and then returns the Token to the client;
3) When a client requests an application server resource, carrying a JWT Token;
4) The application server transmits the JWT Token to the authentication server to check the JWT Token and confirm whether the signature is correct;
5) After the authentication server passes the verification, notifying the application server;
6) The application server considers the request to be legal and returns the requested resource.
However, services in current business architectures are generally modular and componentized, which is quite different from the traditional monolithic architecture. A large platform typically uses a message bus to connect multiple independent services, and each independent component then exposes API services through the RESTful interface specification. When a single authentication server is used to provide the JWT Token, the components cannot be grouped according to their importance, and authentication cannot be performed at service-group granularity. In addition, when a system contains multiple different authentication schemes, a unified authentication scheme may be inefficient. Therefore, there is a need in the art for a multi-server, multi-level authentication and authorization scheme that can meet the diversity of real-world needs and provide better system compatibility.
Disclosure of Invention
In view of the problems of authentication and authorization with a single authentication server, the invention aims to provide a multi-terminal multi-stage authentication and authorization method in which different groups of application services are authenticated and authorized by different authentication servers, so as to meet the authentication requirements of services on multiple service terminals and at different security levels, and thereby better suit existing distributed systems.
To achieve the above object, the present invention provides a multi-terminal multi-level authentication method, which is applied to a distributed system, wherein the distributed system includes a Web server and a plurality of application servers, and the method includes the following steps:
step S1: an authentication module is arranged in the Web server, the authentication module groups the application servers, a corresponding authentication server is arranged for each group of application servers, and a corresponding priority is arranged for each authentication server;
step S2: any client sends a request to a Web server, and an authentication module of the Web server carries out matching authentication to an authentication server of a group where the requested application server is located;
step S3: the client acquires corresponding resources from the application server requested by the client through the authentication password;
step S4: the application server of the request sends the authentication password to the corresponding authentication server for authentication and authority control.
In an embodiment of the present invention, the specific process of grouping the application servers by the authentication module in step S1 includes:
step S101: after the system is started, the Web server reads a configuration file preset by the authentication module, wherein the configuration file comprises: request prefix, authentication address, group configuration information, priority level, and authentication forwarding setting according to the priority level;
step S102: grouping application servers according to the setting of the configuration file, and distributing an authentication server for each group;
step S103: setting a group priority, wherein:
if the priorities of all the authentication servers are set to be consistent, each group of application servers is in a horizontal mode, and the step S105 is directly carried out;
if the priority of each authentication server is set to be inconsistent, each group of application servers is in a vertical mode, and step S104 is executed;
step S104: generating an authentication pipeline according to the set priorities of the authentication servers of different groups;
step S105: forwarding rules for the application servers within each group are generated.
In an embodiment of the present invention, step S105 specifically includes:
step S1051: if the application server is in the horizontal mode setting, directly acquiring grouping configuration information in the configuration file, and generating a URL forwarding rule;
if the application server is in the vertical mode setting, traversing the generated authentication pipeline, and outputting the rule of the authentication pipeline as a forwarding rule if the traversal passes; otherwise, acquiring grouping configuration information in the configuration file, and generating a URL forwarding rule;
step S1052: generating a location matching rule of Nginx according to the generated URL forwarding rule;
step S1053: generating proxy related information according to the grouped authentication server;
step S1054: judging whether the application server is in a horizontal mode, and outputting the generated proxy related information as a forwarding rule if the application server is in the horizontal mode; otherwise, the process returns to step S1501 to perform traversal again on the generated authentication pipeline.
In an embodiment of the present invention, the specific process of the authentication module performing the matching authentication on the request in step S2 includes:
step S201: after receiving the request, the authentication module analyzes the URL information of the request;
step S202: judging the group priority of the corresponding application server, wherein:
if the application server is judged to be in the horizontal mode setting, directly forwarding the request to an authentication server matched with the analyzed URL information for authentication or authorization;
otherwise, judging whether the application server is in the vertical mode setting, if so, loading an authentication pipeline according to the context of the authentication module, judging whether the authentication process can pass through serially, if so, executing authentication or authorization, otherwise, returning authentication failure;
if the application server is judged to be neither in the horizontal mode setting nor in the vertical mode setting, returning authentication failure;
step S203: authentication is successful, and an authentication password is sent to the requesting client.
In an embodiment of the present invention, when the application server is set in the vertical mode, the method further includes adding security authentication to the network request in the authentication server with the highest priority.
Compared with the prior art, the multi-terminal multi-stage authentication and authorization method provided by the invention has the advantages that:
1) Through grouping, the application servers of each group can be authenticated and authorized independently, which improves authentication and authorization efficiency;
2) By configuring the authentication module, authentication and authorization processes of different levels among different service groups can be set dynamically, the security of the multi-level service end can be ensured according to actual requirements, and the diversified requirements of different service architectures on authentication and authorization can be met.
Drawings
In order to more clearly illustrate the embodiments of the invention or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, it being obvious that the drawings in the following description are only some embodiments of the invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic diagram of a multi-terminal and multi-stage authentication process according to an embodiment of the present invention;
FIG. 2 is a flow chart of an authentication module group according to an embodiment of the invention;
FIG. 3 is a schematic diagram illustrating an authentication module generating forwarding rules according to an embodiment of the present invention;
FIG. 4 is a flow chart of the authentication module in one embodiment of the invention matching authentication of a request.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without any inventive effort, are intended to be within the scope of the invention.
Typically, when different clients request different services or resources, it is common practice to:
1) Any client sends a request to a Web server (e.g., Nginx) that serves as a reverse proxy;
2) The Web server uses basic information (such as account name, name and the like) provided by the corresponding user to authenticate and authorize against the high-priority authentication server; if the authentication passes, a Token password is returned to the corresponding client, and if the authentication fails, the failure reason is returned to the corresponding client;
3) If the corresponding client side receives the Token, the client side can bring the Token to the application server to request the corresponding resource;
4) The application server sends the received Token to the authentication server for Token authentication and authority control, and the authentication server informs the application server whether to provide the resources required by the client.
Fig. 1 is a schematic flow chart of multi-terminal multi-stage authentication and authorization according to an embodiment of the present invention, as shown in fig. 1, the embodiment provides a multi-terminal multi-stage authentication and authorization method, which is applied to a distributed system, wherein the distributed system includes a Web server and a plurality of application servers, and the method includes the following steps:
step S1: an authentication module is arranged in the Web server, the authentication module groups the application servers, a corresponding authentication server is arranged for each group of application servers, and a corresponding priority is arranged for each authentication server;
For example, fig. 1 shows 6 application servers, referred to as service 1, service 2, service 3, service 4, service 5 and service 6, divided into two groups, Group1 and Group2: Group1 comprises service 1 and service 2, and Group2 comprises the four application servers service 3 to service 6. Authentication server 1 is set for Group1 and authentication server 2 is set for Group2. In this way, the two application servers in Group1 use authentication server 1 for subsequent authentication, authorization, authentication of rights, authority control and other operations, and the four application servers in Group2 use authentication server 2 for the same operations, so that authentication and authorization are handled per group.
In an embodiment, all authentication servers may be set to the same priority, in which case the groups of application servers are in a horizontal mode: there is no dependency between the groups, so even if authentication server 1 fails, as long as authentication server 2 succeeds, the client can still access the services of the application servers in Group2.
In another embodiment, a different priority may be set for each authentication server, so that the groups of application servers are in a vertical mode: if authentication at a high-priority authentication server fails, the client can access neither the services of the application servers in the group served by that high-priority authentication server nor the services of the application servers in a group served by a lower-priority authentication server. Taking the arrangement in fig. 1 as an example, authentication server 1 is set to a higher priority than authentication server 2, i.e. authentication server 1 is high priority and authentication server 2 is low priority; if any client fails to authenticate at authentication server 1, it can access neither the services of the two application servers in Group1 nor those of the four application servers in Group2.
Fig. 2 is a schematic flow chart of grouping authentication modules according to an embodiment of the present invention, as shown in fig. 2, in this embodiment, a specific process of grouping application servers by the authentication modules in step S1 includes:
step S101: after the system is started, the Web server reads a configuration file preset by the authentication module, wherein the configuration file comprises: request prefix, authentication address, group configuration information, priority level, authentication forwarding setting according to priority level, etc.;
In this embodiment, the group to which each application server belongs is set in the configuration file when the authentication server is started, and the grouping of services is fixed once preset. In other embodiments, a weight may be set for each application server (e.g., with equal initial weights) and dynamically modified by the authentication module as the application server is requested; the application servers are then classified into different groups by weight according to a certain algorithm (e.g., an arithmetic progression) and the number of authentication servers (equal to the number of groups), but the invention is not limited thereto.
Step S102: grouping application servers according to the setting of the configuration file, and distributing an authentication server for each group;
step S103: setting a group priority, wherein:
if the priorities of all the authentication servers are set to be consistent, each group of application servers is in a horizontal mode, and the step S105 is directly carried out;
if the priority of each authentication server is set to be inconsistent, each group of application servers is in a vertical mode, and step S104 is executed;
step S104: generating an authentication pipeline according to the set priorities of the authentication servers of different groups; the authentication pipeline is the path along which authentication is executed, in the order of authentication;
step S105: forwarding rules for the application servers within each group are generated.
After setting, the request prefix of the application servers in each group is different, for example: the request prefix of the A service is https://ip/aa and the request prefix of the B service is https://ip/bb, so that when the authentication service is started, the configuration information can be read to identify the group in which each service is located.
Fig. 3 is a schematic diagram of generating a forwarding rule by the authentication module according to an embodiment of the present invention, as shown in fig. 3, in this embodiment, step S105 specifically includes:
step S1051: if the application server is in the horizontal mode setting, directly acquiring grouping configuration information in the configuration file, and generating a URL forwarding rule;
if the application server is in the vertical mode setting, traversing the generated authentication pipeline, and outputting the rule of the authentication pipeline as a forwarding rule if the traversal passes; otherwise, acquiring grouping configuration information in the configuration file, and generating a URL forwarding rule;
step S1052: generating location matching rules of Nginx (a high-performance HTTP and reverse proxy web server) according to the generated URL forwarding rules; the location rules of Nginx are a series of rules controlling how URL paths are mapped to specific file system paths, which is prior art and is not described in detail here;
step S1053: generating proxy related information according to the grouped authentication server; for example, this can be done with proxy_pass and proxy_set_header (both reverse proxy directives of Nginx) and the like, which are known techniques and are not described further;
step S1054: judging whether the application server is in a horizontal mode, and outputting the generated proxy related information as a forwarding rule if the application server is in the horizontal mode; otherwise, the process returns to step S1501 to perform traversal again on the generated authentication pipeline.
Step S2: any client (such as client a or client B in fig. 1) sends a request (such as an API request) to a Web server, and an authentication module of the Web server performs matching authentication on an authentication server of a group where the requested application server is located;
fig. 4 is a flowchart of the authentication module performing matching authentication on a request according to an embodiment of the present invention, as shown in fig. 4, in this embodiment, a specific process of the authentication module performing matching authentication on a request in step S2 includes:
step S201: after receiving the request, the authentication module analyzes the URL information of the request;
step S202: judging the group priority of the corresponding application server, wherein:
if the application server is judged to be in the horizontal mode setting, directly forwarding the request to an authentication server matched with the analyzed URL information for authentication or authorization;
otherwise, judging whether the application server is in the vertical mode setting, if so, loading an authentication pipeline according to the context of the authentication module, judging whether the authentication process can pass through serially, if so, executing authentication or authorization, otherwise, returning authentication failure;
if the application server is judged to be neither in the horizontal mode setting nor in the vertical mode setting, returning authentication failure;
step S203: authentication is successful and an authentication password (Token) is sent to the requesting client.
Step S3: the client acquires corresponding resources from the application server requested by the client through the authentication password;
step S4: the application server of the request sends the authentication password to the corresponding authentication server for authentication and authority control.
Taking fig. 1 as an example, when an application server in Group1 receives an authentication password of a client, the application server sends the authentication password to the authentication server 1 for authentication and authority control, and similarly, when an application server in Group2 receives the authentication password of the client, the application server sends the authentication password to the authentication server 2 for authentication and authority control.
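Steps S101 to S105 and S201 to S203, followed by the S4 token check, as an added Python example that is not part of the patent. Assumptions: the group names, addresses, credentials and keys are constructed; the `X-Auth-Pipeline` header and the HMAC token (standing in for a JWT) are hypothetical; the pipeline for a request runs from the highest-priority authentication server down to the requested group's own server; and mixed or missing priorities count as neither mode.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Constructed configuration (S101): request prefix, authentication address, priority.
CONFIG = [
    {"group": "group1", "prefix": "/aa", "auth": "http://auth1.internal:9000", "priority": 2},
    {"group": "group2", "prefix": "/bb", "auth": "http://auth2.internal:9000", "priority": 1},
]
# Constructed stand-ins for the authentication servers: credentials and a signing key.
AUTH_SERVERS = {
    "http://auth1.internal:9000": {"users": {"alice": "pw-a"}, "key": b"constructed-key-1"},
    "http://auth2.internal:9000": {"users": {"alice": "pw-a", "bob": "pw-b"},
                                   "key": b"constructed-key-2"},
}


def mode_of(config):
    """S103: equal priorities -> horizontal, all different -> vertical, else None."""
    prios = [g.get("priority") for g in config]
    if not prios or None in prios:
        return None
    distinct = len(set(prios))
    if distinct == 1:
        return "horizontal"
    return "vertical" if distinct == len(prios) else None  # mixed: assumed "neither"


def pipeline_for(config, group):
    """S104: servers passed serially, highest priority first, ending at the
    requested group's own server (assumed ordering)."""
    ordered = sorted(config, key=lambda g: g["priority"], reverse=True)
    return [g for g in ordered if g["priority"] >= group["priority"]]


def stages_for(config, group):
    """Authentication servers a request for `group` must pass, or None."""
    mode = mode_of(config)
    if mode is None or group is None:
        return None
    return [group] if mode == "horizontal" else pipeline_for(config, group)


def match_group(config, url):
    """S201: map the request path to a group on a path-segment boundary."""
    path = urlsplit(url).path
    for g in config:
        if path == g["prefix"] or path.startswith(g["prefix"] + "/"):
            return g
    return None


def nginx_rules(config):
    """S105: one location block per group, built from proxy_pass/proxy_set_header."""
    blocks = []
    for g in config:
        stages = stages_for(config, g)
        if stages is None:
            raise ValueError("priorities define neither horizontal nor vertical mode")
        names = ",".join(s["group"] for s in stages)
        blocks.append(
            "location ^~ %s/ {\n"
            "    proxy_pass %s;\n"
            '    proxy_set_header X-Auth-Pipeline "%s";  # hypothetical header\n'
            "}" % (g["prefix"], stages[0]["auth"], names))
    return "\n".join(blocks)


def _login(server, user, password):
    expected = AUTH_SERVERS[server]["users"].get(user)
    return expected is not None and hmac.compare_digest(expected.encode(), password.encode())


def _sign(server, user, group_name):
    msg = ("%s|%s" % (user, group_name)).encode()
    return hmac.new(AUTH_SERVERS[server]["key"], msg, hashlib.sha256).hexdigest()


def authenticate(config, url, user, password):
    """S202-S203: return a token bound to the requested group, or None on failure."""
    group = match_group(config, url)
    stages = stages_for(config, group)
    if stages is None:
        return None  # unknown prefix or neither mode: fail closed
    for stage in stages:  # serial pass; the first failure rejects the request
        if not _login(stage["auth"], user, password):
            return None
    name = group["group"]
    return "%s.%s.%s" % (user, name, _sign(group["auth"], user, name))


def verify(config, url, token):
    """S4: the application server's own group authentication server checks the token."""
    group = match_group(config, url)
    parts = token.split(".") if isinstance(token, str) else []
    if group is None or len(parts) != 3 or parts[1] != group["group"]:
        return False
    expected = _sign(group["auth"], parts[0], parts[1])
    return hmac.compare_digest(parts[2].encode(), expected.encode())
```

Binding the token to the group name means a token issued for Group2 is rejected when presented to a Group1 application server, and matching prefixes on a path-segment boundary keeps `/aab` from being routed as `/aa`.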
In an embodiment, when the application server is set in the vertical mode, security authentication may be further added to the network request in the authentication server with the highest priority.
The multi-terminal multi-stage authentication and authorization method provided by the invention can authenticate and authorize the application servers of each group independently through grouping, thereby improving authentication and authorization efficiency; by configuring the authentication module, authentication and authorization processes of different levels among different service groups can be set dynamically, the security of the multi-level service end can be ensured according to actual requirements, and the diversified requirements of different service architectures on authentication and authorization can be met.
Those of ordinary skill in the art will appreciate that: the drawing is a schematic diagram of one embodiment and the modules or flows in the drawing are not necessarily required to practice the invention.
Those of ordinary skill in the art will appreciate that: the modules in the apparatus of the embodiments may be distributed in the apparatus of the embodiments according to the description of the embodiments, or may be located in one or more apparatuses different from the present embodiments with corresponding changes. The modules of the above embodiments may be combined into one module, or may be further split into a plurality of sub-modules.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and are not limiting; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some of the technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (3)

1. A multi-terminal multi-stage authentication and authorization method applied to a distributed system, wherein the distributed system comprises a Web server and a plurality of application servers, the method comprising the steps of:
step S1: an authentication module is arranged in the Web server, the authentication module groups the application servers, a corresponding authentication server is arranged for each group of application servers, and a corresponding priority is arranged for each authentication server, wherein the specific process of the authentication module grouping the application servers comprises the following steps:
step S101: after the system is started, the Web server reads a configuration file preset by the authentication module, wherein the configuration file comprises: request prefix, authentication address, group configuration information, priority level, and authentication forwarding setting according to the priority level;
step S102: grouping application servers according to the setting of the configuration file, and distributing an authentication server for each group;
step S103: setting a group priority, wherein:
if the priorities of all the authentication servers are set to be consistent, each group of application servers is in a horizontal mode, and the step S105 is directly carried out;
if the priority of each authentication server is set to be inconsistent, each group of application servers is in a vertical mode, and step S104 is executed;
step S104: generating an authentication pipeline according to the set priorities of the authentication servers of different groups;
step S105: generating a forwarding rule of an application server in each group;
step S2: any client sends a request to the Web server, and the authentication module of the Web server matches the request to the authentication server of the group in which the requested application server is located and performs authentication, wherein the specific process by which the authentication module matches and authenticates the request comprises the following steps:
step S201: after receiving the request, the authentication module analyzes the URL information of the request;
step S202: judging the group priority of the corresponding application server, wherein:
if the application server is judged to be in the horizontal mode setting, directly forwarding the request to an authentication server matched with the analyzed URL information for authentication or authorization;
otherwise, judging whether the application server is in the vertical mode setting, if so, loading an authentication pipeline according to the context of the authentication module, judging whether the authentication process can pass through serially, if so, executing authentication or authorization, otherwise, returning authentication failure;
if the application server is judged to be neither in the horizontal mode setting nor in the vertical mode setting, returning authentication failure;
step S203: after successful authentication, the authentication password is sent to the requesting client;
step S3: the client acquires corresponding resources from the application server requested by the client through the authentication password;
step S4: the requested application server sends the authentication password to the corresponding authentication server for authentication and authority control.
2. The multi-terminal multi-stage authentication and authorization method according to claim 1, wherein step S105 specifically comprises:
step S1051: if the application server is in the horizontal mode setting, directly acquiring grouping configuration information in the configuration file, and generating a URL forwarding rule;
if the application server is in the vertical mode setting, traversing the generated authentication pipeline, and outputting the rule of the authentication pipeline as a forwarding rule if the traversal passes; otherwise, acquiring grouping configuration information in the configuration file, and generating a URL forwarding rule;
step S1052: generating a location matching rule of Nginx according to the generated URL forwarding rule;
step S1053: generating proxy-related information according to the grouped authentication server;
step S1054: outputting the generated proxy-related information as a forwarding rule.
3. The multi-terminal multi-stage authentication and authorization method according to claim 1, further comprising adding security authentication to the network request in the highest-priority authentication server when the application server is in the vertical mode setting.
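
An added illustration of steps S101 to S105 and S202 of claim 1 and the Nginx rule generation of claim 2; it is not code from the patent. The configuration fields, host names, the `verify` callback, the pipeline order (highest priority first, down to the target group's own server) and the treatment of partly equal priorities as neither mode are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Group:
    prefix: str     # request prefix that selects the application-server group
    auth_addr: str  # authentication server assigned to the group
    priority: int   # priority of that authentication server

# Constructed sample configuration (S101); hosts and prefixes are made up.
CONFIG = [Group("/crm/", "http://auth-crm.internal:9000", 1),
          Group("/erp/", "http://auth-erp.internal:9000", 2),
          Group("/bi/", "http://auth-bi.internal:9000", 3)]

def mode(groups):
    """S103: equal priorities -> horizontal, all distinct -> vertical."""
    distinct = len({g.priority for g in groups})
    if distinct == 1:
        return "horizontal"
    return "vertical" if distinct == len(groups) else None  # assumption: mixed = neither

def pipeline(groups, target):
    """S104 (assumed order): highest priority first, down to the target's own server."""
    ordered = sorted(groups, key=lambda g: g.priority, reverse=True)
    return [g.auth_addr for g in ordered if g.priority >= target.priority]

def match(groups, path):
    """S201: longest-prefix match of the request path to a group."""
    hits = [g for g in groups if path.startswith(g.prefix)]
    return max(hits, key=lambda g: len(g.prefix)) if hits else None

def authenticate(groups, path, verify):
    """S202: verify(addr) is a stand-in for the call to an authentication server."""
    target, m = match(groups, path), mode(groups)
    if target is None or m is None:
        return False  # fail closed: unknown path, or neither horizontal nor vertical
    if m == "horizontal":
        return bool(verify(target.auth_addr))
    # vertical: stages run serially and stop at the first failure
    return all(verify(addr) for addr in pipeline(groups, target))

def nginx_locations(groups):
    """S1052-S1053: one location block per group, proxied to its first auth stage."""
    m = mode(groups)
    if m is None:
        raise ValueError("priorities are neither all equal nor all distinct")
    blocks = []
    for g in groups:
        first = g.auth_addr if m == "horizontal" else pipeline(groups, g)[0]
        blocks.append(f"location ^~ {g.prefix} {{\n    proxy_pass {first};\n}}")
    return "\n".join(blocks)
```

With the sample configuration every prefix is proxied first to the highest-priority server, which is where claim 3 places the additional security authentication.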

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310880110.0A CN116599777B (en) 2023-07-18 2023-07-18 Multi-terminal multi-stage authentication method

Publications (2)

Publication Number Publication Date
CN116599777A CN116599777A (en) 2023-08-15
CN116599777B true CN116599777B (en) 2023-09-26

Family

ID=87608524

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310880110.0A Active CN116599777B (en) 2023-07-18 2023-07-18 Multi-terminal multi-stage authentication method

Country Status (1)

Country Link
CN (1) CN116599777B (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101170566A (en) * 2007-11-20 2008-04-30 中兴通讯股份有限公司 A multi-domain authentication method and system
CN101335626A (en) * 2008-08-06 2008-12-31 中国网通集团宽带业务应用国家工程实验室有限公司 Multi-stage authentication method and multi-stage authentication system
CN101631116A (en) * 2009-08-10 2010-01-20 中国科学院地理科学与资源研究所 Distributed dual-license and access control method and system
CN102195987A (en) * 2011-05-31 2011-09-21 成都七巧软件有限责任公司 Distributed credibility authentication method and system thereof based on software product library
CN102710419A (en) * 2011-12-21 2012-10-03 大唐软件技术股份有限公司 User authentication method and device
CN103685244A (en) * 2013-11-28 2014-03-26 深圳大学 Differentiated authentication method and differentiated authentication device
CN107547563A (en) * 2017-09-25 2018-01-05 新华三信息安全技术有限公司 A kind of authentication method and device
CN115296877A (en) * 2022-07-25 2022-11-04 紫光云技术有限公司 Method for invalidation and renewal of JWT storage token
CN115834134A (en) * 2022-10-27 2023-03-21 兴业银行股份有限公司 Enterprise-level gateway authentication method and system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP5372711B2 (en) * 2009-11-13 2013-12-18 アラクサラネットワークス株式会社 Devices and systems that effectively use multiple authentication servers

Also Published As

Publication number Publication date
CN116599777A (en) 2023-08-15

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: Room 711c, 7 / F, block a, building 1, yard 19, Ronghua Middle Road, Beijing Economic and Technological Development Zone, Daxing District, Beijing 102600

Patentee after: Beijing Zhongke Flux Technology Co.,Ltd.

Address before: Room 711c, 7 / F, block a, building 1, yard 19, Ronghua Middle Road, Beijing Economic and Technological Development Zone, Daxing District, Beijing 102600

Patentee before: Beijing Ruixin high throughput technology Co.,Ltd.
