CN117155713A - Multi-authentication source authentication and authorization method and device - Google Patents
Multi-authentication source authentication and authorization method and device Download PDFInfo
- Publication number
- CN117155713A CN117155713A CN202311422436.5A CN202311422436A CN117155713A CN 117155713 A CN117155713 A CN 117155713A CN 202311422436 A CN202311422436 A CN 202311422436A CN 117155713 A CN117155713 A CN 117155713A
- Authority
- CN
- China
- Prior art keywords
- authentication
- user
- source
- application
- matching
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 31
- 238000013475 authorization Methods 0.000 title claims abstract description 25
- 238000012795 verification Methods 0.000 claims description 4
- 230000003068 static effect Effects 0.000 claims description 3
- 230000007246 mechanism Effects 0.000 description 6
- 230000009286 beneficial effect Effects 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 125000004122 cyclic group Chemical group 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
- 230000008569 process Effects 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
- H04L9/3213—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The embodiment of the application provides a multi-authentication source authentication and authorization method and device, and when a user accesses a specific application, the user in the embodiment of the application directly matches a corresponding first authentication source with the user according to a first matching rule between the first authentication source and user attributes; therefore, the application does not need to independently send the specific authentication source every time the user accesses the application as in the prior art, thereby reducing the workload of the administrator and improving the efficiency.
Description
Technical Field
The embodiments of the application belong to the technical field of network security, and particularly relate to a multi-authentication source authentication and authorization method and device.
Background
In the prior art, when a user accesses a specific application, the user can access the application only after authentication is passed, and because of different user types and different access specific applications, the user needs to configure and independently send specific different authentication modes for different users before accessing the user each time in order to access the security of the application, which causes the problem of large workload of an administrator.
Disclosure of Invention
In order to solve or alleviate the problems in the prior art, the embodiment of the application provides a multi-authentication source authentication and authorization method and device.
In a first aspect, an embodiment of the present application provides a multi-authentication source authentication authorization method, including:
receiving a request of a user for accessing an application;
matching a corresponding first authentication source for the user according to a first matching rule between the first authentication source and the user attribute;
receiving login credentials input by the user according to the matched corresponding first authentication source so as to perform first authentication on the user;
verifying the login credentials, and if the first authentication passes, sending the login tokens to the user;
and receiving an access request carrying the login token.
As a preferred embodiment of the present application, before receiving the request of the user to access the application, the method includes:
a first matching rule between the first authentication source and the user attribute and a second matching rule between the second authentication source and the application or the user attribute are configured.
As a preferred embodiment of the present application, the first matching rule includes:
it is determined whether the user access ip address is contained in a certain ip segment, and/or,
determining whether the user accesses the browser to carry the identification character;
the second matching rule includes:
determining whether the user IP, user attribute or application type has a corresponding second authentication source.
As a preferred embodiment of the present application, the first matching rules are multiple, and each first matching rule has a corresponding weight, and the matching of the corresponding first authentication source to the user according to the first matching rule between the first authentication source and the user attribute includes;
circulating to traverse all the first matching rules from big to small according to the weights of the first matching rules;
determining whether a plurality of first matching rules are hit, and if the plurality of first matching rules are hit, selecting the first matching rule with the largest weight as a first authentication source matched with the user;
if only one first matching rule is hit, determining a first authentication source for which the hit first matching rule matches the user;
if no first matching rule is hit, a default authentication source is acquired, and the default authentication source is determined to be the first authentication source matched with the user.
As a preferred embodiment of the present application, before sending the login token to the user, the method includes:
determining whether the user needs to be authenticated for a second time;
if yes, determining a second authentication source of the second authentication of the user;
and carrying out second authentication on the user according to a second authentication source of the second authentication.
As a preferred embodiment of the present application, the first authentication source of the first authentication is authenticated by a static authentication method, and the second authentication source of the second authentication is authenticated by a dynamic authentication method.
As a preferred embodiment of the present application, the determining whether the user needs to perform the second authentication includes:
acquiring the user IP, the user attribute and the application type;
if yes, determining whether the user needs to perform the second authentication according to the acquired user IP, the user attribute or the application type.
As a preferred embodiment of the present application, the determining the second authentication source for the second authentication of the user includes:
traversing a second matching rule;
and if the second matching rule is hit, performing second authentication on the user according to a second authentication source corresponding to the second matching rule.
As a preferred embodiment of the present application, the receiving the access request carrying the login token includes:
analyzing the login token to acquire user information and user access application rights;
judging whether the user has the authority to access the application according to the analyzed login token information;
if so, a request is received from a user to access an application.
Compared with the prior art, when a user accesses a specific application, the user is directly matched with the corresponding first authentication source according to the first matching rule between the first authentication source and the user attribute; therefore, the application does not need to independently send the specific authentication source every time the user accesses the application as in the prior art, thereby reducing the workload of the administrator and improving the efficiency.
In a second aspect, an embodiment of the present application provides a multi-authentication-source authentication authorization apparatus, including:
the receiving module is used for receiving a request of a user for accessing the application;
the matching module is used for matching the corresponding first authentication source for the user according to a first matching rule between the first authentication source and the user attribute;
the receiving module is further used for receiving login credentials input by the user according to the matched corresponding first authentication source so as to authenticate the user for the first time;
the verification module is used for verifying the login credentials and sending the login tokens to the user if the first authentication is passed;
the receiving module is further configured to receive an access request carrying the login token.
Compared with the prior art, the technical scheme provided by the second aspect has the same beneficial effects as those provided by the first aspect, and is not repeated here.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this specification, illustrate embodiments of the application and together with the description serve to explain the application and do not constitute a limitation on the application. Some specific embodiments of the application will be described in detail hereinafter by way of example and not by way of limitation with reference to the accompanying drawings. The same reference numbers in the drawings denote the same or similar parts or portions, and it will be understood by those skilled in the art that the drawings are not necessarily drawn to scale, in which:
fig. 1 is a schematic flow chart of a multi-authentication source authentication and authorization method according to an embodiment of the present application;
fig. 2 is a schematic diagram of an interaction process of a multi-authentication source authentication and authorization method according to an embodiment of the present application;
fig. 3 is a schematic structural diagram of a multi-authentication-source authentication and authorization device according to an embodiment of the present application.
Detailed Description
In order to enable those skilled in the art to better understand the present application, the following description will make clear and complete descriptions of the technical solutions according to the embodiments of the present application with reference to the accompanying drawings. It will be apparent that the described embodiments are merely some, but not all embodiments of the application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present application without making any inventive effort, shall fall within the scope of the present application.
In a first aspect, as shown in fig. 1 and 2, an embodiment of the present application provides a multi-authentication source authentication authorization method, including:
step S01, receiving a request of a user for accessing an application;
it should be noted that, first, the user tries to access an application program in the enterprise, so the application may receive an access request, where the user may be an employee in the enterprise, a member of the branch office, or a member outside the enterprise temporarily engaged by the enterprise.
Prior to step S01, it includes:
a first matching rule between the first authentication source and the user attribute and a second matching rule between the second authentication source and the application are configured.
It should be noted that, the present application introduces a plurality of authentication sources, including standard protocols (such as CAS, SAML, OAuth) and user customizable script authentication sources, and support of multi-source authentication enables the system to adapt to various different authentication requirements.
Specifically, the authentication source needs to be configured on the authentication engine first, for example, the configured authentication source may be: a user password login mode, a short message verification code login mode, a picture identification mode and the like. In addition, a matching rule of an authentication source corresponding to the user attribute needs to be configured, and the user attribute in the application is confirmed according to the area where the user is located and the organization architecture of the user in the company.
The first matching rule includes:
determining whether the user access ip address is contained in a certain ip segment;
this matching rule is mainly intended to distinguish between users in different areas, because the ip address of the user is different for each area.
And/or the number of the groups of groups,
determining whether the user accesses the browser to carry the identification character;
in some special application scenarios, for example, some company internal rule staff access some specific applications needs a special browser, and when a user accesses the special browser, the special browser carries an identification character, and the identification character is required to be configured in advance by an information department inside the company.
The second matching rule includes:
it is determined whether the application, user attribute, or application type has a corresponding second authentication source.
It should be noted that, as shown in fig. 2, if the application a does not configure the designated authentication source, the application B has the designated authentication source, if the application designates the authentication source, it is necessary to perform authentication according to the designated authentication, and since some specific applications have requirements on the access rights of the users, some users need to perform second authentication when accessing some applications, and the second authentication needs to be performed by the second authentication source. It is necessary to configure in advance which applications need to be authenticated for the second time and the corresponding second authentication sources.
Step S02, matching a corresponding first authentication source for the user according to a first matching rule between the first authentication source and the user attribute;
the method specifically comprises the following steps: the first matching rules are multiple, each first matching rule has a corresponding weight, and the matching of the corresponding first authentication source to the user according to the first matching rule between the first authentication source and the user attribute comprises the following steps of;
circulating to traverse all the first matching rules from big to small according to the weights of the first matching rules;
determining whether a plurality of first matching rules are hit, and if the plurality of first matching rules are hit, selecting the first matching rule with the largest weight as a first authentication source matched with the user;
if only one first matching rule is hit, determining a first authentication source for which the hit first matching rule matches the user;
if no first matching rule is hit, a default authentication source is acquired, and the default authentication source is determined to be the first authentication source matched with the user.
Specifically, when a user initiates a request, performing cyclic traversal matching on all the open first matching rules in the background according to the weight from large to small, for example, ip of the user is 192.168.20.210, the user has two first matching rules which can hit, but because the first matching rules have weight ordering, the first matching rule of the first hit is determined to be a first authentication source matched with the user;
if the first matching rule is not hit, the next is sequentially circulated according to the weight of the first matching rule until a hit first matching rule is found.
If all the first matching rules are hit, a default authentication source is required to be configured, and the default authentication source is configured in advance by a user, so that when all the first matching rules are hit, the authentication source of the user access application needs to be jumped to the default authentication source for authentication.
The application can ensure the stability and reliability of the system through the implementation mode of the intelligent judging mechanism and the combination of the intelligent judging mechanism and the multi-source authentication mode.
Step S03, receiving login credentials input by the user according to the matched corresponding first authentication source so as to perform first authentication on the user;
when the authentication is needed, the first authentication source of the first authentication authenticates through a static authentication mode, such as a user name and password authentication mode, and the authentication in the mode has relatively low security, but the authentication can be conveniently and quickly performed.
Step S04, verifying the login credentials, and if the first authentication passes, sending a login token to the user;
after the user passes the first authentication, the specific application accessed by each user is different, so that some authentication modes with higher level are needed, and the security of the application accessed by the user can be improved, so that the second authentication is needed.
Before sending the login token to the user, the method comprises the following steps:
determining whether the user needs to be authenticated for a second time;
if yes, determining a second authentication source of the second authentication of the user;
and carrying out second authentication on the user according to a second authentication source of the second authentication.
It should be noted that, according to the user IP, the user attribute, the application type, and the like, it is intelligently determined whether the second authentication is required, and if so, the authentication source of the second authentication is returned.
By the application, an administrator formulates an innovative mechanism of a personalized authentication strategy according to specific requirements. This allows the system to adapt to authentication requirements of different fields and scenarios, providing greater adaptability and security. By means of the multi-dimensional data according to the user IP, the user attribute, the application type and the like, whether the second authentication is needed or not is intelligently judged, unnecessary authentication steps can be reduced through the intelligent judging mechanism, and user experience is improved.
The determining whether the user needs to perform a second authentication includes:
acquiring the user IP, the user attribute and the application type;
and determining whether the user needs to perform the second authentication according to the acquired user IP, the user attribute or the application type.
The determining a second authentication source for the second authentication of the user includes:
traversing a second matching rule according to the user IP, the user attribute and the application type;
and if the second matching rule is hit, performing second authentication on the user according to a second authentication source corresponding to the second matching rule.
Specifically, if the user IP, the user attribute, or the application type are configured with the second authentication source, determining, from large to small, the corresponding second authentication source to authenticate the user according to the weight of the user IP, the user attribute, or the application type.
And step S05, receiving an access request carrying the login token.
The method specifically comprises the following steps:
analyzing the login token to acquire user information and user access application rights;
judging whether the user has the authority to access the application according to the analyzed login token information;
if so, a request is received from a user to access an application.
The application aims at realizing more intelligent, more accurate and safer data access control and user authentication authorization in a diversified digital environment. The application allows an administrator to set personalized authentication policies according to different users, applications and security levels. This enables the system to control data access more accurately, thereby improving data security. The specific technical effects are as follows:
the application can effectively improve the security of data through multisource authentication, intelligent judgment and personalized authorization strategy. Sensitive data and highly confidential applications are more tightly protected from unauthorized access.
Through intelligent judgment, unnecessary authentication flow of the user is avoided, and user experience is optimized. The user can access the required application more easily, reducing cumbersome authentication steps.
Based on a multidimensional intelligent judgment mechanism, accurate data access control can be realized. Each user and each application can conduct personalized authentication and authorization according to different situations, and safety and privacy of data are guaranteed.
Support a plurality of authentication sources and customized authentication strategies, so that the method can adapt to diversified authentication requirements of different users, different applications and different security levels
The intelligent judging mechanism can rapidly judge and decide the user authentication request, reduces the authentication waiting time and improves the response speed of the system.
The scheme of the application can be applied to the following aspects:
an enterprise internal application system: within large enterprises, there are many different levels of applications, including human resources applications, financial applications, sales applications, and the like. The application can realize accurate data access control according to different users, different departments and different applications, and ensure the security of sensitive data.
Cloud service platform: with the popularity of cloud services, users need to access different applications on a cloud platform. The application can realize accurate control of user access through multi-source authentication and intelligent judgment, and ensure the safety of the cloud platform.
Mobile application: in the field of mobile applications, users may need to access different functions and data, which may have different security levels. By the personalized authorization strategy, the data security of the mobile application can be ensured.
Government agencies and public services: government agencies and public service areas need to provide different levels of service to different users while ensuring privacy and security of data. The method can realize accurate authorization control according to the requirements of users and safety requirements.
In a second aspect, as shown in fig. 3, an embodiment of the present application provides a multi-authentication-source authentication authorization apparatus, including:
a receiving module 21 for receiving a request from a user to access an application;
a matching module 22, configured to match a corresponding first authentication source to a user according to a first matching rule between the first authentication source and a user attribute;
the receiving module 21 is further configured to receive a login credential input by the user according to the matched corresponding first authentication source so as to perform first authentication on the user;
a verification module 23, configured to verify the login credentials, and send the login token to the user if the first authentication is passed;
the receiving module 21 is further configured to receive an access request carrying the login token.
Compared with the prior art, the technical scheme provided by the second aspect has the same beneficial effects as those provided by the first aspect, and is not repeated here.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present application, and not for limiting the same; although the application has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some or all of the technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit of the application.
Claims (10)
1. A multi-authentication-source authentication authorization method, comprising:
receiving a request of a user for accessing an application;
matching a corresponding first authentication source for the user according to a first matching rule between the first authentication source and the user attribute;
receiving login credentials input by the user according to the matched corresponding first authentication source so as to perform first authentication on the user;
verifying the login credentials, and if the first authentication passes, sending the login tokens to the user;
and receiving an access request carrying the login token.
2. The multi-authentication-source authentication-authorization method as claimed in claim 1, wherein before receiving the request of the user to access the application, the method comprises:
a first matching rule between the first authentication source and the user attribute and a second matching rule between the second authentication source and the application or the user attribute are configured.
3. The multi-authentication-source authentication authorization method according to claim 2, wherein the first matching rule includes:
it is determined whether the user access ip address is contained in a certain ip segment, and/or,
determining whether the user accesses the browser to carry the identification character;
the second matching rule includes:
determining whether the user IP, user attribute or application type has a corresponding second authentication source.
4. A multi-authentication-source authentication-authorization method as recited in claim 3, wherein the first matching rules are plural and each of the first matching rules has a corresponding weight, the matching the corresponding first authentication source to the user according to the first matching rules between the first authentication source and the user attribute, comprising;
circulating to traverse all the first matching rules from big to small according to the weights of the first matching rules;
determining whether a plurality of first matching rules are hit, and if the plurality of first matching rules are hit, selecting the first matching rule with the largest weight as a first authentication source matched with the user;
if only one first matching rule is hit, determining a first authentication source for which the hit first matching rule matches the user;
if no first matching rule is hit, a default authentication source is acquired, and the default authentication source is determined to be the first authentication source matched with the user.
5. A multi-authentication-source authentication-authorization method as recited in claim 3, wherein prior to sending the logon token to the user, comprising:
determining whether the user needs to be authenticated for a second time;
if yes, determining a second authentication source of the second authentication of the user;
and carrying out second authentication on the user according to a second authentication source of the second authentication.
6. The method of claim 5, wherein a first authentication source of the first authentication is authenticated by a static authentication method and a second authentication source of the second authentication is authenticated by a dynamic authentication method.
7. The multi-authentication-source authentication authorization method as claimed in claim 5, wherein the determining whether the user needs to perform the second authentication comprises:
acquiring the user IP, the user attribute and the application type;
if yes, determining whether the user needs to perform the second authentication according to the acquired user IP, the user attribute or the application type.
8. The method of claim 5, wherein determining a second authentication source for a second authentication of the user comprises:
traversing a second matching rule;
and if the second matching rule is hit, performing second authentication on the user according to a second authentication source corresponding to the second matching rule.
9. The multi-authentication-source authentication authorization method of claim 1, wherein the receiving the access request carrying the login token comprises:
analyzing the login token to acquire user information and user access application rights;
judging whether the user has the authority to access the application according to the analyzed login token information;
if so, a request is received from a user to access an application.
10. A multi-authentication-source authentication-authorization apparatus, comprising:
the receiving module is used for receiving a request of a user for accessing the application;
the matching module is used for matching the corresponding first authentication source for the user according to a first matching rule between the first authentication source and the user attribute;
the receiving module is further used for receiving login credentials input by the user according to the matched corresponding first authentication source so as to authenticate the user for the first time;
the verification module is used for verifying the login credentials and sending the login tokens to the user if the first authentication is passed;
the receiving module is further configured to receive an access request carrying the login token.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311422436.5A CN117155713B (en) | 2023-10-31 | 2023-10-31 | Multi-authentication source authentication and authorization method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311422436.5A CN117155713B (en) | 2023-10-31 | 2023-10-31 | Multi-authentication source authentication and authorization method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN117155713A true CN117155713A (en) | 2023-12-01 |
| CN117155713B CN117155713B (en) | 2024-02-23 |
Family
ID=88899182
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311422436.5A Active CN117155713B (en) | 2023-10-31 | 2023-10-31 | Multi-authentication source authentication and authorization method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117155713B (en) |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20160021097A1 (en) * | 2014-07-18 | 2016-01-21 | Avaya Inc. | Facilitating network authentication |
| CN112039909A (en) * | 2020-09-03 | 2020-12-04 | 平安科技(深圳)有限公司 | Authentication method, device, equipment and storage medium based on unified gateway |
| CN112202708A (en) * | 2020-08-24 | 2021-01-08 | 国网山东省电力公司 | Identity authentication method and device, electronic equipment and storage medium |
-
2023
- 2023-10-31 CN CN202311422436.5A patent/CN117155713B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20160021097A1 (en) * | 2014-07-18 | 2016-01-21 | Avaya Inc. | Facilitating network authentication |
| CN112202708A (en) * | 2020-08-24 | 2021-01-08 | 国网山东省电力公司 | Identity authentication method and device, electronic equipment and storage medium |
| CN112039909A (en) * | 2020-09-03 | 2020-12-04 | 平安科技(深圳)有限公司 | Authentication method, device, equipment and storage medium based on unified gateway |
Also Published As
| Publication number | Publication date |
|---|---|
| CN117155713B (en) | 2024-02-23 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20210203655A1 (en) | Single sign-on for unmanaged mobile devices | |
| US10880292B2 (en) | Seamless transition between WEB and API resource access | |
| EP3308525B1 (en) | Single sign-on for unmanaged mobile devices | |
| US9300653B1 (en) | Delivery of authentication information to a RESTful service using token validation scheme | |
| US8418234B2 (en) | Authentication of a principal in a federation | |
| US7571473B1 (en) | Identity management system and method | |
| US11017088B2 (en) | Crowdsourced, self-learning security system through smart feedback loops | |
| US8370901B2 (en) | Method and apparatus for providing identity management for users in a web environment | |
| EP2149102B1 (en) | Request-specific authentication for accessing web service resources | |
| US8474017B2 (en) | Identity management and single sign-on in a heterogeneous composite service scenario | |
| US8353016B1 (en) | Secure portable store for security skins and authentication information | |
| US8220035B1 (en) | System and method for trusted embedded user interface for authentication | |
| US6807577B1 (en) | System and method for network log-on by associating legacy profiles with user certificates | |
| CN113711563B (en) | Fine granularity token based access control | |
| EP3455762B1 (en) | Unified vpn and identity based authentication to cloud-based services | |
| US20110287739A1 (en) | Managing automatic log in to internet target resources | |
| EP3114812A1 (en) | Automatic detection of authentication methods by a gateway | |
| US20090049183A1 (en) | Method of Client-Side Form Authentication | |
| US11368449B2 (en) | Asserting a mobile identity to users and devices in an enterprise authentication system | |
| US11323432B2 (en) | Automatic login tool for simulated single sign-on | |
| CN112039873A (en) | Method for accessing business system by single sign-on | |
| CN110944021A (en) | Method and system for campus unified authentication and single sign-on | |
| CN117155713B (en) | Multi-authentication source authentication and authorization method and device | |
| CN116484338A (en) | Database access method and device | |
| JP2004524591A (en) | Systems, methods, and computer program products for providing integrated authentication services for online applications |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |