CN116684189A - Firewall mobile client authentication method and system
- Publication number: CN116684189A
- Application number: CN202310807223.8A
- Authority: CN (China)
- Prior art keywords: authentication, firewall, user, client, encrypted data
- Legal status: Pending
Classifications
- H04L63/0815: Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
- H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0884: Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
- H04L63/12: Applying verification of the received information
- H04L9/40: Network security protocols
Abstract
The invention relates to the technical field of firewall authentication, and in particular to a firewall mobile client authentication method and system, comprising: when a user accesses the firewall authentication interface, the firewall allows the client authentication domain name traffic through so that the SDK can be loaded to generate a two-dimensional code; after the user scans the two-dimensional code with the mobile client, the mobile client recognizes the encrypted communication link generated by the authentication interface, automatically requests communication with the cloud middleware server, and sends an authentication request to the cloud middleware server; the cloud middleware server verifies the encrypted data and confirms the user authentication information through interaction with the client authentication server; if the verification and the confirmation both succeed, the cloud middleware server sends the user authentication information to the firewall, so that the firewall completes the authentication flow after processing its internal logic. In this technical scheme, interaction between the firewall and the authentication server is realized through the cloud middleware server, which makes user authentication secure and convenient and improves the flexibility of firewall authentication.
Description
Technical Field
The invention relates to the technical field of firewall authentication, in particular to a method and a system for authenticating a firewall mobile client.
Background
With the rapid development of information technology, authentication technology has also been greatly developed, and has become a main means of enterprise security protection. Currently, authentication technology is widely applied in government, finance, telecommunication and other industries, and has become an important means for protecting the Internet.
The trend in authentication technology is toward simplification, intelligence and improved security. A simpler mode of operation lets users authenticate faster and more conveniently. More advanced intelligent technology lets the system identify users better and automatically, improving authentication efficiency. At the same time, further technical improvements are made to system security in order to improve system stability.
In existing firewall authentication implementations, a user must memorize a complex user name and password, and authentication may fail if the user forgets them; in addition, once the user name and password are leaked, they may be used maliciously by others, causing security risks such as account theft and leakage of firewall privileges. Short message (SMS) authentication can cause the same security risks; moreover, because SMS service providers have limited concurrency capacity, SMS delivery may be delayed when a large number of users log in by SMS at the same time, which affects user authentication.
Moreover, because a firewall in an intranet cannot interact with other authentication servers, users can only use traditional authentication methods, so security is not high, authentication efficiency is low, and the user experience suffers.
Disclosure of Invention
Accordingly, the present invention is directed to providing a method and a system for authenticating a firewall mobile client, so as to solve the problem in the prior art that a firewall in an intranet cannot interact with other authentication servers, so that a user can only use a traditional authentication method, the security is not high, the authentication efficiency is low, and the user experience is affected.
According to a first aspect of an embodiment of the present invention, there is provided a firewall mobile client authentication method, including:
when it is detected that a user accesses the firewall authentication interface on the authenticated device, the firewall automatically allows the client authentication domain name traffic through, so that the authentication interface can automatically load the SDK and generate a two-dimensional code containing encrypted data and user authentication information;
after the user scans the two-dimensional code with the scanning function of the mobile client, the mobile client recognizes the encrypted communication link generated by the authentication interface, automatically requests that link to communicate with the cloud middleware server, and sends an authentication request containing the encrypted data and the user authentication information to the cloud middleware server;
the cloud middleware server verifies the encrypted data and confirms the user authentication information through interaction with the client authentication server;
if the verification and the confirmation both succeed, the cloud middleware server sends the user authentication information to the firewall, so that the firewall completes the authentication flow after processing its internal logic according to the user authentication information.
Preferably, the client is a WeChat client; the client authentication domain name traffic is WeChat authentication domain name traffic; the client authentication server is a WeChat authentication server.
Preferably, the method further comprises:
acquiring the encrypted data from the firewall and storing the encrypted data in a preset database;
user authentication information is obtained from the WeChat authentication server and stored in a preset database.
Preferably, the cloud middleware server verifies the encrypted data, including:
comparing the encrypted data received from the mobile client with the encrypted data stored in the preset database; if the two are consistent, the verification of the encrypted data succeeds.
Preferably, the firewall completes the authentication process after processing the internal logic, including:
the firewall front end obtains the user authentication information sent by the cloud middleware server and sends it to the firewall back end for login;
receiving the login information fed back by the firewall back end.
Preferably, after receiving the login information fed back by the firewall backend, the method further comprises:
if the login information indicates a successful login, displaying at the firewall front end that the login succeeded;
triggering a check of the login status against the firewall back end at preset time intervals, and updating the login information.
According to a second aspect of an embodiment of the present invention, there is provided a firewall mobile client authentication system, including:
a mobile client, a cloud middleware server, a client authentication server, and a firewall in the authenticated device;
the firewall in the authenticated device is used for, when it is detected that a user accesses the firewall authentication interface on the authenticated device, automatically allowing the client authentication domain name traffic through, so that the authentication interface can automatically load the SDK and generate a two-dimensional code containing encrypted data and user authentication information;
the mobile client is used for scanning the two-dimensional code, recognizing the encrypted communication link generated by the authentication interface, automatically requesting that link to communicate with the cloud middleware server, and sending an authentication request containing the encrypted data and the user authentication information to the cloud middleware server;
the cloud middleware server is used for verifying the encrypted data and confirming the user authentication information through interaction with the client authentication server; if the verification and the confirmation both succeed, the cloud middleware server sends the user authentication information to the firewall;
the firewall in the authenticated device is also used for completing the authentication flow after the internal logic is processed according to the user authentication information.
The technical scheme provided by the embodiment of the invention can comprise the following beneficial effects:
It can be understood that, in the technical scheme of the invention, when a user accesses the firewall authentication interface, the firewall allows the client authentication domain name traffic through so that the SDK can be loaded to generate a two-dimensional code; after the user scans the two-dimensional code with the mobile client, the mobile client recognizes the encrypted communication link generated by the authentication interface, automatically requests communication with the cloud middleware server, and sends an authentication request to the cloud middleware server; the cloud middleware server verifies the encrypted data and confirms the user authentication information through interaction with the client authentication server; if the verification and the confirmation both succeed, the cloud middleware server sends the user authentication information to the firewall, so that the firewall completes the authentication flow after processing its internal logic. The technical scheme of the invention lets the user authenticate to the firewall through the mobile client, which is more convenient to operate; it provides an intermediate layer between the mobile client, the authentication server and the firewall to schedule authentication, which makes user authentication secure and convenient and increases the flexibility of firewall authentication.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the invention as claimed.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the invention and together with the description, serve to explain the principles of the invention.
FIG. 1 is a schematic diagram illustrating the steps of a firewall mobile client authentication method according to an exemplary embodiment;
FIG. 2 is a flow diagram illustrating a firewall mobile client authentication method according to an exemplary embodiment.
Detailed Description
Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The implementations described in the following exemplary examples do not represent all implementations consistent with the invention. Rather, they are merely examples of apparatus and methods consistent with aspects of the invention as detailed in the accompanying claims.
Example 1
FIG. 1 is a schematic diagram illustrating the steps of a firewall mobile client authentication method according to an exemplary embodiment. Referring to FIG. 1, a firewall mobile client authentication method is provided, including:
step S11, when it is detected that a user accesses the firewall authentication interface on the authenticated device, the firewall automatically allows the client authentication domain name traffic through, so that the authentication interface can automatically load the SDK and generate a two-dimensional code containing encrypted data and user authentication information;
step S12, after the user scans the two-dimensional code with the scanning function of the mobile client, the mobile client recognizes the encrypted communication link generated by the authentication interface, automatically requests that link to communicate with the cloud middleware server, and sends an authentication request containing the encrypted data and the user authentication information to the cloud middleware server;
step S13, the cloud middleware server verifies the encrypted data and confirms the user authentication information through interaction with the client authentication server;
step S14, if the verification and the confirmation both succeed, the cloud middleware server sends the user authentication information to the firewall, so that the firewall completes the authentication flow after processing its internal logic according to the user authentication information.
It can be understood that, in the technical scheme of the invention, when a user accesses the firewall authentication interface, the firewall allows the client authentication domain name traffic through so that the SDK can be loaded to generate a two-dimensional code; after the user scans the two-dimensional code with the mobile client, the mobile client recognizes the encrypted communication link generated by the authentication interface, automatically requests communication with the cloud middleware server, and sends an authentication request to the cloud middleware server; the cloud middleware server verifies the encrypted data and confirms the user authentication information through interaction with the client authentication server; if the verification and the confirmation both succeed, the cloud middleware server sends the user authentication information to the firewall, so that the firewall completes the authentication flow after processing its internal logic. The technical scheme of the invention lets the user authenticate to the firewall through the mobile client, which is more convenient to operate; it provides an intermediate layer between the mobile client, the authentication server and the firewall to schedule authentication, which makes user authentication secure and convenient and increases the flexibility of firewall authentication.
It should be noted that, the client is a WeChat client; the client authentication domain name traffic is WeChat authentication domain name traffic; the client authentication server is a WeChat authentication server.
It can be understood that, with the technical scheme provided by this embodiment, the client can log in to the firewall for authentication by scanning the code directly with WeChat, so the authentication method is convenient, quick and highly secure.
FIG. 2 is a schematic flow chart of a firewall mobile client authentication method according to an exemplary embodiment. Referring to FIG. 2, when a user wants to log in to the firewall of an authenticated device, code-scanning authentication is performed first. When the firewall enters code-scanning authentication, it automatically allows the client authentication domain name traffic through, so that the authentication interface can automatically load the SDK and generate a two-dimensional code containing encrypted data and user authentication information. Preferably, WeChat authentication can be used: an iframe (an HTML tag) is generated through the JSSDK, and the two-dimensional code login logic is nested in it.
If the user's code-scanning login fails, a prompt indicating the failure is displayed.
If the user's code-scanning login succeeds, the firewall calls back the middleware server; the user uses the two-dimensional code scanning function of the WeChat mobile client to recognize the encrypted communication link generated by the authentication interface, and after recognizing it the WeChat client automatically requests the encrypted link to communicate with the middleware server.
The method also comprises the following steps:
acquiring the encrypted data from the firewall and storing the encrypted data in a preset database;
user authentication information is obtained from the WeChat authentication server and stored in a preset database.
In specific practice, the database stores the user authentication information, namely the openid (unique identification of the user), the nickname (nickname of the user) and the user IP, together with the encrypted data, which includes the source IP, destination IP, device SN (serial number) and OEM information.
After the cloud middleware server receives the authentication request from the WeChat mobile client, it performs intermediate processing: the encrypted data is verified against the database, and the user authentication information is confirmed with the WeChat authentication server. It should be noted that the verification of the encrypted data by the cloud middleware server includes: comparing the encrypted data received from the mobile client with the encrypted data stored in the preset database; if the two are consistent, the verification of the encrypted data succeeds. Preferably, when the WeChat authentication server fails to confirm the user authentication information, it prompts the relevant information about the confirmation failure.
It should be noted that, after the firewall finishes processing the internal logic, the authentication process is completed, including:
the firewall front end obtains the user authentication information sent by the cloud middleware server and sends it to the firewall back end for login;
receiving the login information fed back by the firewall back end.
In specific practice, after the cloud middleware server has successfully verified and confirmed, it calls back the firewall and transmits the user authentication information to the firewall front end in encrypted form, and the firewall front end sends the user authentication information to the firewall back end, wherein the user authentication information comprises a downlink mark login: user type, IP, nickname, and openid (unique identification of the user). The firewall back end performs the authentication login according to this information and returns the login information to the firewall front end.
It should be noted that after receiving the login information fed back by the firewall backend, the method further includes:
if the login information indicates a successful login, displaying at the firewall front end that the login succeeded;
triggering a check of the login status against the firewall back end at preset time intervals, and updating the login information.
In specific practice, if authentication fails, the relevant failure information is prompted; if authentication succeeds, the firewall front end shows that the login succeeded, and a check of the login status can be triggered against the firewall back end every 30 seconds to update the login information.
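The cloud middleware checks described in this embodiment, sketched as an added Python example that is not code from the patent. The `session_id` lookup key, the 120-second lifetime, single use of a registered record and the constant-time comparison are assumptions the patent text does not specify; `confirm_user` and `notify_firewall` are hypothetical stand-ins for the WeChat authentication server and the callback to the firewall front end, and all sample values are constructed.

```python
import hmac
import time
from dataclasses import dataclass


@dataclass
class PendingLogin:
    encrypted_data: bytes   # opaque blob registered by the firewall (source IP,
                            # destination IP, device SN, OEM info per the text)
    created_at: float
    used: bool = False


class CloudMiddleware:
    """Decision logic only: verify encrypted data, confirm user, notify firewall."""

    def __init__(self, confirm_user, notify_firewall, ttl_seconds=120,
                 clock=time.time):
        self._pending = {}                  # stands in for the "preset database"
        self._users = {}                    # stored user authentication information
        self._confirm_user = confirm_user   # hypothetical: asks the client auth server
        self._notify_firewall = notify_firewall  # hypothetical: firewall callback
        self._ttl = ttl_seconds             # assumption: records expire
        self._clock = clock

    def register(self, session_id, encrypted_data):
        """Store the encrypted data acquired from the firewall."""
        self._pending[session_id] = PendingLogin(encrypted_data, self._clock())

    def handle_auth_request(self, session_id, encrypted_data, user_info):
        """Process the mobile client's authentication request.

        Returns (accepted, reason). The firewall is notified only when both
        the encrypted-data verification and the user confirmation succeed.
        """
        record = self._pending.get(session_id)
        if record is None:
            return False, "unknown session"
        if record.used:                     # assumption: one login per record
            return False, "already used"
        if self._clock() - record.created_at > self._ttl:
            return False, "expired"
        # "Consistent with the stored data": compare in constant time so the
        # comparison itself does not leak how many leading bytes matched.
        if not hmac.compare_digest(record.encrypted_data, encrypted_data):
            return False, "encrypted data mismatch"
        record.used = True                  # a failed confirmation needs a new code
        if not self._confirm_user(user_info["openid"]):
            return False, "user not confirmed"
        self._users[user_info["openid"]] = user_info
        self._notify_firewall(session_id, user_info)
        return True, "ok"


def demo():
    """Run the accept and reject paths on constructed data."""
    now = [1000.0]
    delivered = []
    confirmed_openids = {"o-constructed-001"}
    mw = CloudMiddleware(
        confirm_user=lambda openid: openid in confirmed_openids,
        notify_firewall=lambda sid, info: delivered.append((sid, info["openid"])),
        clock=lambda: now[0],
    )
    blob = b"constructed-ciphertext-A"
    user = {"openid": "o-constructed-001", "nickname": "alice", "ip": "192.0.2.10"}
    other = {"openid": "o-constructed-999", "nickname": "bob", "ip": "192.0.2.11"}

    results = {}
    mw.register("s1", blob)
    results["wrong_blob"] = mw.handle_auth_request("s1", b"tampered", user)
    results["valid"] = mw.handle_auth_request("s1", blob, user)
    results["replay"] = mw.handle_auth_request("s1", blob, user)
    mw.register("s2", blob)
    results["unconfirmed"] = mw.handle_auth_request("s2", blob, other)
    mw.register("s3", blob)
    now[0] += 121                           # past the assumed 120 s lifetime
    results["expired"] = mw.handle_auth_request("s3", blob, user)
    return results, delivered


if __name__ == "__main__":
    for name, outcome in demo()[0].items():
        print(f"{name:12s} {outcome}")
```
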
Example 2
There is provided a firewall mobile client authentication system comprising:
a mobile client, a cloud middleware server, a client authentication server, and a firewall in the authenticated device;
the firewall in the authenticated device is used for, when it is detected that a user accesses the firewall authentication interface on the authenticated device, automatically allowing the client authentication domain name traffic through, so that the authentication interface can automatically load the SDK and generate a two-dimensional code containing encrypted data and user authentication information;
the mobile client is used for scanning the two-dimensional code, recognizing the encrypted communication link generated by the authentication interface, automatically requesting that link to communicate with the cloud middleware server, and sending an authentication request containing the encrypted data and the user authentication information to the cloud middleware server;
the cloud middleware server is used for verifying the encrypted data and confirming the user authentication information through interaction with the client authentication server; if the verification and the confirmation both succeed, the cloud middleware server sends the user authentication information to the firewall;
the firewall in the authenticated device is also used for completing the authentication flow after the internal logic is processed according to the user authentication information.
Preferably, the client is a WeChat client; the client authentication domain name traffic is WeChat authentication domain name traffic; the client authentication server is a WeChat authentication server.
This embodiment provides a cloud middleware authentication mechanism based on the WeChat mobile client. It comprises WeChat OAuth2 authentication (OAuth2 being the successor version of the OAuth protocol) and the firewall's own authentication mechanism, with the middleware server scheduling in advance the unique binding between the firewall user and the WeChat user and the identity verification. The embodiment not only makes operation more convenient, since the user scans the two-dimensional code with the WeChat mobile client to authenticate to the firewall, but also allows the cloud middleware server to schedule authentication for multiple firewall devices distributed across different geographic locations.
It can be understood that, in the technical scheme shown in this embodiment, when a user accesses the firewall authentication interface, the firewall allows the client authentication domain name traffic through so that the SDK can be loaded to generate a two-dimensional code; after the user scans the two-dimensional code with the mobile client, the mobile client recognizes the encrypted communication link generated by the authentication interface, automatically requests communication with the cloud middleware server, and sends an authentication request to the cloud middleware server; the cloud middleware server verifies the encrypted data and confirms the user authentication information through interaction with the client authentication server; if the verification and the confirmation both succeed, the cloud middleware server sends the user authentication information to the firewall, so that the firewall completes the authentication flow after processing its internal logic. This technical scheme lets the user authenticate to the firewall through the mobile client, which is more convenient to operate; it provides an intermediate layer between the mobile client, the authentication server and the firewall to schedule authentication, which makes user authentication secure and convenient and improves the flexibility of firewall authentication.
It is to be understood that the same or similar parts in the above embodiments may be referred to each other, and that in some embodiments, the same or similar parts in other embodiments may be referred to.
It should be noted that in the description of the present invention, the terms "first," "second," and the like are used for descriptive purposes only and are not to be construed as indicating or implying relative importance. Furthermore, in the description of the present invention, unless otherwise indicated, the meaning of "plurality" means at least two.
Any process or method descriptions in flow charts or otherwise described herein may be understood as representing modules, segments, or portions of code which include one or more executable instructions for implementing specific logical functions or steps of the process, and further implementations are included within the scope of the preferred embodiment of the present invention in which functions may be executed out of order from that shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those reasonably skilled in the art of the present invention.
It is to be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above-described embodiments, the various steps or methods may be implemented in software or firmware stored in a memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, they may be implemented using any one or a combination of the following techniques, which are well known in the art: discrete logic circuits having logic gates for implementing logic functions on data signals, application-specific integrated circuits having suitable combinational logic gates, programmable gate arrays (PGAs), field-programmable gate arrays (FPGAs), and the like.
Those of ordinary skill in the art will appreciate that all or a portion of the steps carried out in the method of the above-described embodiments may be implemented by a program to instruct related hardware, where the program may be stored in a computer readable storage medium, and where the program, when executed, includes one or a combination of the steps of the method embodiments.
In addition, each functional unit in the embodiments of the present invention may be integrated in one processing module, or each unit may exist alone physically, or two or more units may be integrated in one module. The integrated modules may be implemented in hardware or in software functional modules. The integrated modules may also be stored in a computer readable storage medium if implemented in the form of software functional modules and sold or used as a stand-alone product.
The above-mentioned storage medium may be a read-only memory, a magnetic disk or an optical disk, or the like.
In the description of the present specification, a description referring to terms "one embodiment," "some embodiments," "examples," "specific examples," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present invention. In this specification, schematic representations of the above terms do not necessarily refer to the same embodiments or examples. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
While embodiments of the present invention have been shown and described above, it will be understood that the above embodiments are illustrative and not to be construed as limiting the invention, and that variations, modifications, alternatives and variations may be made to the above embodiments by one of ordinary skill in the art within the scope of the invention.
Claims (7)
1. A method for authenticating a firewall mobile client, comprising:
when it is detected that a user accesses the firewall authentication interface on the authenticated device, the firewall automatically permits the client authentication domain name traffic, so that the authentication interface can automatically load the SDK and generate a two-dimensional code containing encrypted data and user authentication information;
after the user scans the two-dimensional code with the two-dimensional code scanning function of the mobile client, the mobile client recognizes the encrypted communication link generated by the authentication interface, automatically requests communication with a cloud middleware server, and sends an authentication request containing the encrypted data and the user authentication information to the cloud middleware server;
the cloud middleware server verifies the encrypted data and confirms the user authentication information interactively with the client authentication server;
and if the verification is successful and the confirmation is successful, the cloud middleware server sends the user authentication information to the firewall, so that the firewall completes the authentication flow after processing its internal logic according to the user authentication information.
2. The method of claim 1, wherein
the client is a WeChat client; the client authentication domain name traffic is WeChat authentication domain name traffic; the client authentication server is a WeChat authentication server.
3. The method as recited in claim 2, further comprising:
acquiring the encrypted data from the firewall and storing the encrypted data in a preset database;
user authentication information is obtained from the WeChat authentication server and stored in a preset database.
4. The method of claim 3, wherein the cloud middleware server verifying the encrypted data comprises:
comparing the encrypted data received from the mobile client with the encrypted data stored in the preset database, and if the two are consistent, the verification of the encrypted data is successful.
5. A method according to claim 3, wherein the firewall completes the authentication process after processing the internal logic, comprising:
the front end of the firewall acquires the user authentication information sent by the cloud middleware server, and sends the user authentication information to the back end of the firewall for login;
and receiving login information fed back by the back end of the firewall.
6. The method of claim 5, further comprising, after receiving the login information fed back by the firewall backend:
if the login information indicates a successful login, displaying at the front end of the firewall that the login is successful;
triggering a check of the login status with the back end of the firewall at preset time intervals, and updating the login information.
7. A firewall mobile client authentication system, comprising:
a mobile client, a cloud middleware server, a client authentication server and a firewall in an authenticated device;
the firewall in the authenticated device is used for automatically permitting the client authentication domain name traffic when it is detected that a user accesses the firewall authentication interface on the authenticated device, so that the authentication interface can automatically load the SDK and generate a two-dimensional code containing encrypted data and user authentication information;
the mobile client is used for scanning the two-dimensional code, recognizing the encrypted communication link generated by the authentication interface, automatically requesting communication with the cloud middleware server, and sending an authentication request containing the encrypted data and the user authentication information to the cloud middleware server;
the cloud middleware server is used for verifying the encrypted data and interactively confirming the user authentication information with the client authentication server; if the verification is successful and the confirmation is successful, the cloud middleware server sends the user authentication information to a firewall;
the firewall in the authenticated device is also used for completing the authentication flow after the internal logic is processed according to the user authentication information.
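Claims 3 and 4 have the cloud middleware server store the firewall's encrypted data and compare it with what the mobile client submits, and claim 1 additionally requires the user authentication information to be confirmed. The following is an added example of that check, not code from the patent; the session identifier, the expiry window, the single-use consumption and the constant-time comparison are assumptions that the claims do not specify.

```python
import hmac
import time


class MiddlewareStore:
    """In-memory stand-in for the 'preset database' of claim 3 (hypothetical)."""

    def __init__(self, ttl_seconds=120):
        self.ttl = ttl_seconds      # assumption: QR data expires; not in the claims
        self._pending = {}          # session_id -> (encrypted_data, issued_at)
        self._confirmed = set()     # user info from the client authentication server

    def store_from_firewall(self, session_id, encrypted_data, now=None):
        issued = time.time() if now is None else now
        self._pending[session_id] = (encrypted_data, issued)

    def store_confirmed_user(self, user_info):
        self._confirmed.add(user_info)

    def verify(self, session_id, encrypted_data, user_info, now=None):
        """Return 'ok' only if both checks of claim 1 pass; else a reason."""
        now = time.time() if now is None else now
        # pop() makes every stored value single-use, so a replayed scan fails.
        entry = self._pending.pop(session_id, None)
        if entry is None:
            return "unknown-or-replayed"
        stored, issued_at = entry
        if now - issued_at > self.ttl:
            return "expired"
        # Claim 4 consistency check, done in constant time to avoid a timing oracle.
        if not hmac.compare_digest(stored, encrypted_data):
            return "mismatch"
        # Claim 1 confirmation of the user authentication information.
        if user_info not in self._confirmed:
            return "user-unconfirmed"
        return "ok"


def demo():
    """Run constructed sample requests through the store; returns the outcomes."""
    store = MiddlewareStore(ttl_seconds=60)
    store.store_confirmed_user("user-a")                      # constructed value
    store.store_from_firewall("s1", b"constructed-blob", now=1000.0)
    first = store.verify("s1", b"constructed-blob", "user-a", now=1010.0)
    replay = store.verify("s1", b"constructed-blob", "user-a", now=1011.0)
    return first, replay


if __name__ == "__main__":
    print(demo())
```

Because a failed attempt also consumes the stored value, a wrong guess cannot be retried against the same session; the authenticated device would have to request a fresh two-dimensional code.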
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310807223.8A CN116684189A (en) | 2023-07-03 | 2023-07-03 | Firewall mobile client authentication method and system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN116684189A (en) | 2023-09-01 |
Family
ID=87782122
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202310807223.8A Pending CN116684189A (en) | 2023-07-03 | 2023-07-03 | Firewall mobile client authentication method and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||