CN117407855B - Unified user authentication method, system, equipment and medium based on dimension projection - Google Patents


Publication number
CN117407855B
Authority
CN
China
Prior art keywords
space
user
entity
data
identity
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202311716137.2A
Other languages
Chinese (zh)
Other versions
CN117407855A (en
Inventor
彭宇
王煜东
杨挺
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sichuan Digital Industry Paradigm Technology Co ltd
Original Assignee
Sichuan Digital Industry Paradigm Technology Co ltd
Application filed by Sichuan Digital Industry Paradigm Technology Co ltd
Priority to CN202311716137.2A
Publication of CN117407855A
Application granted
Publication of CN117407855B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/41 User authentication where a single sign-on provides access to a plurality of computers
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/901 Indexing; Data structures therefor; Storage structures
    • G06F16/9024 Graphs; Linked lists
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F40/00 Handling natural language data
    • G06F40/10 Text processing
    • G06F40/12 Use of codes for handling textual entities
    • G06F40/151 Transformation
    • G06F40/157 Transformation using dictionaries or tables
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N10/00 Quantum computing, i.e. information processing based on quantum-mechanical phenomena
    • G06N10/60 Quantum algorithms, e.g. based on quantum optimisation, quantum Fourier or Hadamard transforms

Abstract

The invention provides a unified user authentication method, system, equipment and medium based on dimension projection, and relates to the technical field of computer information. The method comprises the following steps: receiving identity data of a current user; according to a set conversion rule and a conversion parameter dictionary, converting the attribute names in the identity data that identify the uniqueness of the user's identity into object type data, and taking the space where the object type data is located as an application space; constructing a graph database with the objects in the object type data as nodes and the relations among the objects as edges; projecting the object type data of the service systems into the same space to obtain entity objects, and taking the space where the entity objects are located as an entity space; and establishing a projection relation between the application space and the entity space in the graph database, obtaining the complete identity data of the current user, assigning the user a system-wide unique ID, and completing the unified user authentication of the current user. The invention enables unified identity authentication of a user across a plurality of different service systems.

Description

Unified user authentication method, system, equipment and medium based on dimension projection
Technical Field
The invention relates to the technical field of computer information, in particular to a unified user authentication method, system, equipment and medium based on dimension projection.
Background
As informatization advances across industries, the number of business systems in use keeps growing. Users must switch between systems constantly; each system has its own unified authentication, but these authentication systems are currently not interconnected, so a user needs multiple accounts and must log in many times. Without a unified identity authentication platform, the different service systems cannot be accessed through a single portal, and account redundancy and repeated login authentication degrade user experience and office efficiency to some extent.
In addition, data structures are inconsistent across systems, so unified authentication requires integrating the systems one by one and field by field, which is tedious and error-prone. The scope of unified user authentication also evolves as planning evolves, and existing unified authentication approaches cannot be upgraded seamlessly.
Disclosure of Invention
In view of this, the embodiments of the present application provide a unified user authentication method, system, device, and medium based on dimension projection, so as to implement unified identity authentication of a user in multiple different service systems, and improve efficiency.
The embodiment of the application provides the following technical scheme: a unified user authentication method based on dimension projection comprises the following steps:
receiving identity data of a current user through a plurality of service system clients respectively;
according to a set conversion rule and a conversion parameter dictionary, converting attribute names which identify uniqueness of the identity of the user in the identity data of the current user into object type data, and taking the space where the object type data is located as an application space of the service system;
taking the objects in the object type data of each service system as nodes, and taking the relation among the objects as edges to construct a graph database;
projecting the object type data of each service system in the same space to obtain an entity object, and taking the space where the entity object is located as an entity space;
establishing a projection relation between the application space and the entity space in the graph database;
obtaining complete identity data of the current user according to the projection relation;
and assigning a system-wide unique ID to the current user according to the complete identity data, completing unified user authentication of the current user.
According to an embodiment of the present application, according to a set conversion rule and a conversion parameter dictionary, converting an attribute name identifying uniqueness of a user identity in the identity data of the current user into object type data includes:
traversing all fields in the identity data of the current user, and searching a conversion rule corresponding to the field name;
inquiring the conversion parameter dictionary according to the searched conversion rule, renaming the field name into a new field name corresponding to the conversion parameter dictionary, converting the attribute name which identifies the uniqueness of the user identity in the identity data of the current user into object type data, and setting the attribute value of the object at the same time; wherein the attribute values include query values and original attribute values obtained from the conversion parameter dictionary.
According to an embodiment of the present application, the space where the object type data is located is used as an application space of the service system, and the method further includes:
and searching in the conversion parameter dictionary to obtain the name of the application space corresponding to the identity data of the user.
According to an embodiment of the present application, projecting the object type data of each service system in the same space to obtain an entity object, and taking the space where the entity object is located as an entity space, including:
traversing object type data in all application spaces in each service system, and collecting the original attribute values in the object type data; deleting the repeated data in the collected original attribute values, and listing all the original attribute values;
traversing the list, adding an object which marks the uniqueness of the user identity to each original attribute value, and adding the attribute value of the object as the original attribute value traversed currently to obtain the entity object.
According to one embodiment of the application, establishing a projection relationship between the application space and the entity space in the graph database includes:
extracting the object in each application space and marking the object as a first identifier;
extracting the original attribute value in the object in the application space and marking the original attribute value as a second identifier;
extracting the object in the entity space, filtering the object in the entity space according to a filtering rule that the original attribute value of the object in the entity space is equal to the original attribute value in the second identifier, and marking the filtered object in the entity space as a third identifier;
and taking the third identifier as a starting point, taking the first identifier as an ending point, and taking the connecting line from the starting point to the ending point as an edge, thereby establishing a projection relation between the application space and the entity space in the graph database.
According to one embodiment of the present application, obtaining complete identity data of a current user according to the projection relationship includes:
and traversing along the edges from the node of the object with the unique user identity in the entity space in the graph database until the current node has no new edge, and outputting all traversed objects to obtain the complete identity data of the current user.
According to an embodiment of the present application, assigning a system-wide unique ID to the current user according to the complete identity data, so as to complete unified user authentication of the current user, further includes:
after the unified user authentication of the current user is completed, the current user performs user authentication, user authorization or user event forwarding using the system-wide unique ID.
The application also provides a unified user authentication system based on dimension projection, which comprises:
the plurality of data acquisition modules are respectively used for receiving the identity data of the current user through a plurality of service system clients;
the connectors are respectively used for converting attribute names which identify the uniqueness of the identity of the user in the identity data of the current user into object type data according to a set conversion rule and a conversion parameter dictionary, and taking the space where the object type data is located as an application space of the service system;
the processor is used for constructing a graph database by taking the objects in the object type data of each service system as nodes and the relation among the objects as edges; is also used for projecting the object type data of each service system in the same space to obtain an entity object, and taking the space where the entity object is located as an entity space; is also used for establishing the projection relation between the application space and the entity space in the graph database; is also used for obtaining the complete identity data of the current user according to the projection relation; and is also used for assigning a system-wide unique ID to the current user according to the complete identity data, so as to complete the unified user authentication of the current user.
The application also provides a computer device, which comprises a memory, a processor and a computer program stored on the memory and capable of running on the processor, wherein the processor realizes the unified user authentication method based on dimension projection when executing the computer program.
The present application also provides a computer-readable storage medium storing a computer program for executing the above-described dimension projection-based unified user authentication method.
Compared with the prior art, the beneficial effects achievable by at least one of the technical schemes adopted in the embodiments of this description include at least the following: the embodiment of the invention establishes a unified identity authentication platform based on dimension projection, solves the problem that different service systems cannot be accessed through a unified entrance because the unified authentication systems of the multiple systems are currently not interconnected, enables a user to access the multiple systems after unified identity authentication, improves user experience and working efficiency, and allows the unified identity authentication mode to be upgraded seamlessly.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart of a unified user authentication method based on dimension projection according to an embodiment of the present invention;
FIG. 2 is a schematic illustration of an explanation of dimensional projection in an embodiment of the invention;
FIG. 3 is a schematic diagram of a user ID data conversion process according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of nodes and edges constructed by the business system A in an embodiment of the present invention;
FIG. 5 is a schematic diagram of nodes and edges constructed by the business system B in an embodiment of the invention;
FIG. 6 is a schematic view of the projection of the business system A and the business system B in the entity space according to the embodiment of the present invention;
FIG. 7 is a schematic diagram of business system A and business system B in a graph database in an embodiment of the invention;
FIG. 8 is a schematic diagram of a business system A and a business system B in a projected relationship with an entity space in a graph database according to an embodiment of the present invention;
FIG. 9 is a flow chart of assigning a system-wide unique ID to the current user in an embodiment of the present invention;
FIG. 10 is a schematic diagram of a unified user authentication system architecture based on dimension projection in accordance with an embodiment of the present invention;
FIG. 11 is a schematic view of a connector according to an embodiment of the present invention;
FIG. 12 is a schematic diagram of a user authentication relay process performed by a connector according to an embodiment of the present invention;
FIG. 13 is a schematic diagram of a user authorized relay process performed by a connector according to an embodiment of the present invention;
FIG. 14 is a schematic diagram of a process of forwarding a user event by a connector in an embodiment of the present invention;
FIG. 15 is a schematic structural view of the computer device of the present invention.
Detailed Description
Embodiments of the present application are described in detail below with reference to the accompanying drawings.
Other advantages and effects of the present application will become apparent to those skilled in the art from the present disclosure, when the following description of the embodiments is taken in conjunction with the accompanying drawings. It will be apparent that the described embodiments are only some, but not all, of the embodiments of the present application. The present application may be embodied or carried out in other specific embodiments, and the details of the present application may be modified or changed from various points of view and applications without departing from the spirit of the present application. It should be noted that the following embodiments and features in the embodiments may be combined with each other without conflict. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments herein without making any inventive effort, are intended to be within the scope of the present application.
As shown in fig. 1, an embodiment of the present invention provides a unified user authentication method based on dimension projection, including:
S101, respectively receiving identity data of a current user through a plurality of service system clients;
S102, converting attribute names which identify the uniqueness of the user identity in the identity data of the current user into object type data according to a set conversion rule and a conversion parameter dictionary, and taking the space where the object type data is located as an application space of the service system;
S103, taking the objects in the object type data of each service system as nodes, and taking the relation between the objects as edges to construct a graph database;
S104, projecting the object type data of each service system in the same space to obtain an entity object, and taking the space where the entity object is located as an entity space;
S105, establishing a projection relation between the application space and the entity space in the graph database;
S106, obtaining complete identity data of the current user according to the projection relation;
S107, assigning a system-wide unique ID to the current user according to the complete identity data, and completing unified user authentication of the current user.
In the unified user authentication method based on dimension projection, user data is preprocessed according to the set conversion rules and the conversion parameter dictionary, and the processed user data is then analyzed to recognize the same user identity across different systems and to establish the association between the user data records. The embodiment is built on a dimension projection algorithm and uses a graph database to run it efficiently: compared with a traditional relational database, a graph database computes association relationships far more efficiently, and the algorithm of this embodiment takes full advantage of the characteristics of the graph database, which greatly simplifies the implementation.
In addition, the dimension projection algorithm of this embodiment is built around attributes that identify the uniqueness of a user's identity, such as a mobile phone number, an email address, an identity card, a household register, or a certificate of no criminal record, so that system upgrades can be seamless. With a traditional relational database, matching is done field by field, and whenever new fields or more service systems are connected, database tables must be added and SQL scripts modified and then redeployed. The dimension projection algorithm of this embodiment works on relations (the edges in the graph database), so its level of abstraction is higher, and new fields from newly connected systems can be handled well without modifying the system.
The dimension projection algorithm of the present embodiment is based on the concept of quantum entanglement. Quantum entanglement: in quantum mechanics, when several particles interact with each other, the properties of the individual particles merge into properties of the whole, so the properties of each particle can no longer be described separately and only the properties of the whole system can be described. This phenomenon is called quantum entanglement.
Quantum entanglement can be understood as a "quantum association phenomenon". For example, suppose a zero-spin particle decays into two particles that move apart in opposite directions. If the spin of one of the particles is measured along a certain direction and found to be up, the spin of the other particle must be down; if it is found to be down, the spin of the other particle must be up.
The link between quantum entanglement and unified identity authentication comes from one of the interpretations of quantum entanglement: an idea proposed by the physicist Yakir Aharonov is to assume that there is a complex high-dimensional structure, and that the observed quantum physical behavior is simply a low-dimensional projection or cross-section of this structure.
That is, these "two" quanta are essentially "the same" object. This is very close to the concept of a "unified" user. For example, take two systems A and B: system A has one person and one phone, and system B also has one person and one phone, and the phones exhibit the "entangled" feature:
when a call is made to the phone in system A, the phone in system B is always busy;
if the phone in system A is idle, the phone in system B is necessarily idle;
this is because the phone numbers in systems A and B are the same phone number, i.e. in the real world, the two phones are the same object.
Thus, the concept of "dimension projection" in embodiments of the present invention is this: assuming that the software systems A and B are projections into the "digital world" of something in the real world, the "real world" can be considered a "higher dimension" of the "digital world".
The "phone entanglement" seen in systems A and B arises because the phones are the same thing in the "high-dimensional world" (the real world), and A and B have each obtained only one "dimension projection" of that thing. When all the dimension projections are brought together, the true picture of "reality" can be approximated more closely. The main idea of the dimension projection algorithm of the invention is shown in fig. 2.
Terms used in this disclosure:
Entity: an abstraction, relevant to software systems, that is generalized from all systems in the real world, such as an "email box" or a "cell phone". An entity here is not a real physical object but a software-related abstraction; it is called an "entity" to distinguish it from a "data object" in a specific business system.
Service system: a software system that performs a certain service function is called a service system. User information is needed in the business system to complete orders and other operations.
Projection: the representation of an "entity" in a business system according to a certain rule is called a projection; for example, the projection of a mobile phone in the system is the mobile phone number.
Projection rule: the rules that associate entities with data objects in a business system are called projection rules. The main characteristic of a projection rule is whether it has an inverse mapping; only a projection rule with an inverse mapping can be used as a path to a "unified user".
Application space and entity space: all data objects of a business system form an application space, and all entity objects form the entity space.
In one embodiment, according to a set conversion rule and a conversion parameter dictionary, converting an attribute name identifying uniqueness of a user identity in the identity data of the current user into object type data includes:
traversing all fields in the identity data of the current user, and searching a conversion rule corresponding to the field name;
inquiring the conversion parameter dictionary according to the searched conversion rule, renaming the field name into a new field name corresponding to the conversion parameter dictionary, converting the attribute name which identifies the uniqueness of the user identity in the identity data of the current user into object type data, and setting the attribute value of the object at the same time; wherein the attribute values include query values and original attribute values obtained from the conversion parameter dictionary.
In practice, it is assumed that in system a, there are user identity data definitions as shown in table 1 below:
Table 1:
Assume that data in a business system is expressed in JSON format as:
    {
      "ID":22345111232,
      "nickName":"steven",
      "mobileNumber":"138xxxxxxxx",
      "password":"5794E56D5448C2425EFAA97234B67F2566E637A721B3B98871F4D16618CC099E",
      "avatar":"https://csdn.aliyun.com/projecta/avatar/22345111232.png",
      "gendar":"man"
    }
After data conversion, the data becomes:
    {
      "ID":22345111232,
      "nickName":"steven",
      "mobileNumber":{
        "relation":"contact by",
        "type": "exclusive",
        "value": "138xxxxxxxx"
      },
      "password":"5794E56D5448C2425EFAA97234B67F2566E637A721B3B98871F4D16618CC099E",
      "avatar":"https://csdn.aliyun.com/projecta/avatar/22345111232.png",
      "gendar": "man",
      "$nameSpace":"appA"
    }
Comparing the data before and after conversion, the changed parts are shown in table 2:
Table 2:
The user identity data in table 1 is converted as shown in fig. 3, and the specific operation process is as follows:
(1) Traverse all the fields and look up each field name in the set conversion rules; if no rule is found, the field is not converted;
(2) If a rule is found, convert the field according to that rule. Two rules are currently supported: rename and relationship;
(3) The rename rule means: change the field name to the new field name given in the conversion parameter dictionary;
(4) The relationship rule means: change the attribute name that identifies the uniqueness of the user identity into a relation object. The relation object has 3 attributes: the relation and type values come from the dictionary, i.e. they are the query values obtained from the conversion parameter dictionary, and value is the original attribute value;
(5) Finally, the "$nameSpace" of the connector, i.e. the name of the application space, is appended; this value is also taken from the conversion parameter dictionary.
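The conversion steps (1) to (5), written out as an added Python example (not code from the patent). The connector configuration layout, the `newName` key, applying several rules to one field in order, and the system B field `tel` are assumptions made for illustration; the output shape follows the page's system A sample.

```python
from copy import deepcopy

# Constructed connector configuration for business system A. The output keys
# (relation / type / value / $nameSpace) come from the page's sample; the
# layout of this configuration dict is an assumption.
CONNECTOR_A = {
    "nameSpace": "appA",
    "rules": {"mobileNumber": ["relation"]},
    "params": {"mobileNumber": {"relation": "contact by", "type": "exclusive"}},
}

# Constructed configuration for a hypothetical system B whose phone field is
# called "tel": it is renamed first, then turned into a relation object.
CONNECTOR_B = {
    "nameSpace": "appB",
    "rules": {"tel": ["rename", "relation"]},
    "params": {
        "tel": {"newName": "mobileNumber"},
        "mobileNumber": {"relation": "contact by", "type": "exclusive"},
    },
}


def convert(record, connector):
    """Apply the connector's conversion rules to one identity record.

    Fields without a rule are copied unchanged (step 1). The input record
    is never modified; a new dict is returned.
    """
    out = {}
    for field, value in record.items():
        name = field
        for rule in connector["rules"].get(field, []):
            # Parameters are looked up under the field's current name, so a
            # rename followed by a relation uses the new name's entry.
            params = connector["params"][name]
            if rule == "rename":                      # step 3
                name = params["newName"]
            elif rule == "relation":                  # step 4
                value = {
                    "relation": params["relation"],   # query value from dictionary
                    "type": params["type"],           # query value from dictionary
                    "value": value,                   # original attribute value
                }
            else:
                raise ValueError(f"unsupported conversion rule: {rule!r}")
        out[name] = deepcopy(value)
    out["$nameSpace"] = connector["nameSpace"]        # step 5
    return out


# Constructed sample records (the system A record mirrors the page's sample,
# without the password and avatar fields).
RECORD_A = {"ID": 22345111232, "nickName": "steven",
            "mobileNumber": "138xxxxxxxx", "gendar": "man"}
RECORD_B = {"userId": 77, "tel": "138xxxxxxxx"}

if __name__ == "__main__":
    print(convert(RECORD_A, CONNECTOR_A))
    print(convert(RECORD_B, CONNECTOR_B))
```

After conversion both systems expose the phone number under the same field name and the same relation-object shape, which is what lets the later projection step match them by value.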
Similarly, assume that in system B, there is user data defined as shown in table 3 below:
table 3:
Once the converted data format is fixed, building the graph database for the application space is straightforward. In the graph database, a "node" represents one object, and an "edge" represents a relationship between objects. In the above example, the data acquired from the service system A establishes the nodes and edges shown in fig. 4 in the graph database, and these nodes exist in the application space appA; the data acquired from the service system B establishes the nodes and edges shown in fig. 5 in the graph database, and these nodes exist in the application space appB.
In one embodiment, the projecting the object type data of each service system in the same space to obtain an entity object, and taking the space where the entity object is located as an entity space includes:
traversing object type data in all application spaces in each service system, and collecting the original attribute values in the object type data; deleting the repeated data in the collected original attribute values, and listing all the original attribute values;
traversing the list, adding an object which marks the uniqueness of the user identity to each original attribute value, and adding the attribute value of the object as the original attribute value traversed currently to obtain the entity object.
In a specific implementation, the command used to establish the entity space in the graph database is as follows:
    g.V().has('nameSpace','appA').has('type','mobileNumber')
      .values('value')
      .dedup().fold()
      .sideEffect{
        it -> g.addV('mobile').property('value', it).property('nameSpace', 'entity')
      }
The detailed explanation is as follows:
(1) g.V().has('nameSpace','appA').has('type','mobileNumber') means traversing all mobileNumber nodes in the application space appA;
in this embodiment, the "mobileNumber node" is used as the object that identifies the uniqueness of the user identity;
(2) values('value') means that the attribute value of the value field is collected;
(3) dedup().fold() means that duplicates are removed from the collected values, which are then gathered into a list;
(4) sideEffect{ … } means traversing the list and performing the operations inside it;
(5) it -> g.addV('mobile').property('value', it).property('nameSpace', 'entity') means that for each value, the following operations are performed:
a. one 'mobile' node is added,
b. the value of this node is filled with the value currently being traversed,
c. the nameSpace value of this node is "entity".
If the entity space is imagined as a 3-dimensional space and the application space is imagined as a 2-dimensional space projected from the 3-dimensional space as shown in fig. 6, the representation in the graph database is as shown in fig. 7.
In one embodiment, establishing a projected relationship between the application space and the entity space in the graph database includes:
extracting the object in each application space and marking the object as a first identifier;
extracting the original attribute value in the object in the application space and marking the original attribute value as a second identifier;
extracting the object in the entity space, filtering the object in the entity space according to a filtering rule that the original attribute value of the object in the entity space is equal to the original attribute value in the second identifier, and marking the filtered object in the entity space as a third identifier;
and taking the third identifier as a starting point, taking the first identifier as an ending point, and taking the connecting line from the starting point to the ending point as an edge, thereby establishing a projection relation between the application space and the entity space in the graph database.
In specific implementation, the command for establishing the projection relationship in the graph database is as follows:
1. g.V().hasLabel('mobileNumber').has('nameSpace','appA').as('a').
2. select('a').by('value').as('v').
3. V().hasLabel('mobile').has('nameSpace','entity').has('value',select('v')).as('b').
4. addE('projection').from('b').to('a')
The description of the above commands is as follows:
1. selecting all mobileNumber nodes in the application space appA, denoted as 'a';
2. extracting a value of a and marking the value as v;
3. selecting a mobile node of the entity space and filtering according to 'value' = 'v', denoted as 'b';
4. a "projection" edge is created whose starting point is 'b' and ending point is 'a'.
The same is done for the application space appB, after which the graph database is as shown in fig. 8.
In one embodiment, obtaining complete identity data of the current user according to the projection relationship includes:
starting from the node, in the entity space of the graph database, of the object that identifies the uniqueness of the user identity, traversing along the edges until the current node has no new edge, and outputting all traversed objects to obtain the complete identity data of the current user.
In specific implementation, taking the mobile phone number "138xxxxxxxx" as an example, the command for acquiring all relevant nodes is as follows:
1. g.V().hasLabel('mobileNumber').has('value','138xxxxxxxx').
2. repeat(outE('exclusive').inV().simplePath()).
3. until(has('exclusive')).
4. emit().dedup()
The description of the above commands is as follows:
1. starting from the mobile node whose value is 138xxxxxxxx;
2. traversing without a fixed depth, following the 'exclusive' edges;
3. stopping the traversal when the node has no new 'exclusive' edge;
4. emitting the results and removing duplicates.
After the operation a node set is obtained. This node set is the output of the algorithm, namely the complete identity data of the current user, and serves as input for subsequent operations.
In one embodiment, assigning a system-wide unique ID to the current user according to the complete identity data, so as to complete unified user authentication of the current user, further comprises:
after the unified user authentication of the current user is completed, the current user performs user authentication, user authorization or user event forwarding through the system-wide unique ID.
In implementation, a unified ID is assigned to the found "unified user", and the specific flow is shown in fig. 9.
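The projection, edge creation, traversal and ID assignment steps described above, modelled in memory as an added example (it is not code from the patent, which runs these steps in a graph database). The source field names `phone` and `tel`, the `account` and `unifiedId` properties and the sample numbers are assumptions constructed for illustration.

```python
import uuid
from collections import defaultdict

# Constructed conversion rules: (application space, source field) -> object label.
# The source field names "phone" and "tel" are assumptions made for this example.
CONVERSION_RULES = {("appA", "phone"): "mobileNumber", ("appB", "tel"): "mobileNumber"}


class IdentityGraph:
    def __init__(self):
        self.nodes = {}                     # node id -> property dict
        self.out_edges = defaultdict(set)   # node id -> node ids reached by outgoing edges

    def add_node(self, label, name_space, value, **extra):
        node_id = len(self.nodes) + 1
        self.nodes[node_id] = {"label": label, "nameSpace": name_space, "value": value, **extra}
        return node_id

    def ingest(self, name_space, record):
        """Connector step: identifying fields become object nodes in the application space."""
        for field, raw in record.items():
            label = CONVERSION_RULES.get((name_space, field))
            if label:
                self.add_node(label, name_space, raw, account=record["account"])

    def project(self):
        """One entity node per distinct value, then an edge entity -> application node."""
        entity = {n["value"]: i for i, n in self.nodes.items() if n["nameSpace"] == "entity"}
        app_nodes = [(i, n) for i, n in self.nodes.items() if n["nameSpace"] != "entity"]
        for value in sorted({n["value"] for _, n in app_nodes}):     # dedup, then list
            if value not in entity:                                  # reuse on re-run
                entity[value] = self.add_node("mobile", "entity", value)
        for node_id, node in app_nodes:
            self.out_edges[entity[node["value"]]].add(node_id)       # start 'b', end 'a'
        return entity

    def complete_identity(self, value):
        """Follow edges from the entity node for `value` until no new edge remains."""
        start = [i for i, n in self.nodes.items()
                 if n["nameSpace"] == "entity" and n["value"] == value]
        seen, stack = [], list(start)
        while stack:
            current = stack.pop()
            if current not in seen:
                seen.append(current)
                stack.extend(sorted(self.out_edges[current], reverse=True))
        return [self.nodes[i] for i in seen]

    def assign_unified_ids(self):
        """Give each entity node one system-wide ID and map every account to it."""
        mapping = {}
        for node in list(self.nodes.values()):
            if node["nameSpace"] != "entity":
                continue
            node.setdefault("unifiedId", str(uuid.uuid4()))          # stable across re-runs
            for member in self.complete_identity(node["value"]):
                if "account" in member:
                    mapping[(member["nameSpace"], member["account"])] = node["unifiedId"]
        return mapping


def build_sample_graph():
    """Constructed sample: two service systems reporting users under different field names."""
    graph = IdentityGraph()
    graph.ingest("appA", {"account": "alice", "phone": "13800000001"})
    graph.ingest("appB", {"account": "a.li", "tel": "13800000001"})
    graph.ingest("appB", {"account": "bob", "tel": "13800000002"})
    graph.project()
    return graph
```

Accounts are merged purely on equality of the raw attribute value, so the value a connector reports should be normalized and verified before it reaches the graph. `project()` here reuses existing entity nodes, so running it again does not create duplicates.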
As shown in fig. 10, an embodiment of the present invention further provides a unified user authentication system based on dimension projection, including:
a plurality of data acquisition modules, respectively used for receiving the identity data of the current user through a plurality of service system clients;
connectors, respectively used for converting the attribute names that identify the uniqueness of the user identity in the identity data of the current user into object type data according to a set conversion rule and a conversion parameter dictionary, and taking the space where the object type data is located as an application space of the service system;
a processor, used for constructing a graph database by taking the objects in the object type data of each service system as nodes and the relations among the objects as edges; also used for projecting the object type data of each service system into the same space to obtain an entity object, and taking the space where the entity object is located as an entity space; also used for establishing the projection relationship between the application space and the entity space in the graph database; also used for obtaining the complete identity data of the current user according to the projection relationship; and also used for assigning a system-wide unique ID to the current user according to the complete identity data, so as to complete the unified user authentication of the current user.
In specific implementation, the connector is used for: traversing all fields in the identity data of the current user, and searching a conversion rule corresponding to the field name; inquiring the conversion parameter dictionary according to the searched conversion rule, renaming the field name into a new field name corresponding to the conversion parameter dictionary, converting the attribute name which identifies the uniqueness of the user identity in the identity data of the current user into object type data, and setting the attribute value of the object at the same time; wherein the attribute values include query values and original attribute values obtained from the conversion parameter dictionary.
In particular, the processor is configured to: traversing object type data in all application spaces in each service system, and collecting the original attribute values in the object type data; deleting the repeated data in the collected original attribute values, and listing all the original attribute values; traversing the list, adding an object which marks the uniqueness of the user identity to each original attribute value, and adding the attribute value of the object as the original attribute value traversed currently to obtain the entity object.
In particular, the above processor is further configured to: extract the object in each application space and mark it as a first identifier; extract the original attribute value of the object in the application space and mark it as a second identifier; extract the objects in the entity space, filter them by the rule that the original attribute value of the object in the entity space equals the original attribute value in the second identifier, and mark the filtered object in the entity space as a third identifier; and take the third identifier as the starting point and the first identifier as the ending point, with the line from the starting point to the ending point as an edge, thereby establishing the projection relationship between the application space and the entity space in the graph database.
In particular, the above processor is further configured to: start from the node, in the entity space of the graph database, of the object that identifies the uniqueness of the user identity, traverse along the edges until the current node has no new edge, and output all traversed objects to obtain the complete identity data of the current user.
In the system of the embodiment of the invention there are two kinds of node: the connector node and the processor node, where the processor node has a built-in connector. The main function of the connector is data conversion and transmission; it is an infrastructure component of the system. The main function of the processor is data management and authorization; it implements the service core of the system.
The structure of the connector is shown in fig. 11.
1. There are 3 types of data for the connector:
(1) Node identity: data indicating the SOURCE (SOURCE) and SINK (SINK) identities of the data throughout the system. Typically including information such as IP/domain name, ID, authenticated KEY, etc.
(2) Conversion rule: the connector needs to 'format' the data received from the service system before sending it to the processor, so a plurality of conversion rules can be configured to specify how the data is converted;
(3) Conversion parameter dictionary: besides the rules, data conversion also needs specific parameters, and these parameters are stored in the conversion parameter dictionary.
2. The connector has 4 main functional areas:
(1) Downlink interface: responsible for exchanging data with the service system;
(2) Data conversion: converting data between the service system and the management node according to the rules;
(3) Uplink interface: responsible for exchanging data with the management node;
(4) Management module: responsible for basic functions such as configuration data, authentication and heartbeat detection.
The connector has 3 main tasks: user authentication relay, user authorization relay and user event forwarding.
User authentication relay: before user authentication, the connector node needs to report its up state to the processor node using its own ID and KEY, and complete its own identity authentication.
The main task of user authentication on the connector is to add data to the request and forward it; the user authentication relay process of the connector in the embodiment of the present invention is shown in fig. 12.
The process of user authorization relay is shown in fig. 13. The process of user event forwarding is shown in fig. 14. The user event forwarding process mainly searches the conversion rule and the conversion parameter dictionary to finish the data conversion processing.
In general, the work of the connector is relatively simple: it provides one-to-one field-level conversion with the service system and relays requests. The connector can be deployed as a stand-alone process or as a service in a micro-service system, and is deployed in the same network as the business system.
The most important task of the processor is to identify the user data reported by the connectors, recognize the identities of the same user in different systems, and establish the association between those identities. Secondly, the processor manages and processes the data in a unified way and prepares it for downstream data consumers. The processor also provides the usual functions of unified user management, such as authentication, authorization and data statistics.
In practice, the work to be done is greatly simplified, requiring only the following operations:
1. in resource planning, a server is allocated to a processor;
2. installing a corresponding number of connectors to a proper server according to the number of the accessed service systems;
3. configuring each connector, including application space name assignment, conversion specification and conversion parameter dictionary configuration;
4. the business system interfaces with the connector using an HTTP interface.
Unified user access is achieved through the above operations, which is very concise and provides good isolation. This embodiment has little impact on existing systems: only a connector is added, and the original functions do not need to be changed. The scheme can also be developed sustainably: the integrated central node can itself be integrated again through the service interface, becoming an application node of the next stage.
The embodiment of the invention solves the following technical problems: existing service systems each have their own unified authentication, but these unified authentication systems are not interconnected, so users must authenticate with them one by one, which is cumbersome and reduces efficiency; and the data structures of the systems are inconsistent, so unified authentication requires field-by-field integration with each system, which is complex and error-prone.
In one embodiment, a computer device is provided, as shown in fig. 15, including a memory 201, a processor 202, and a computer program stored on the memory and executable on the processor, which when executed implements any of the above-described dimension projection-based unified user authentication methods.
In particular, the computer device may be a computer terminal, a server or similar computing means.
In this embodiment, a computer-readable storage medium storing a computer program for executing any of the above-described dimension projection-based unified user authentication methods is provided.
In particular, computer-readable storage media, including both permanent and non-permanent, removable and non-removable media, may be used to implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of computer-readable storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile disks (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. Computer-readable storage media, as defined herein, do not include transitory computer-readable media (transmission media), such as modulated data signals and carrier waves.
It will be apparent to those skilled in the art that the modules or steps of the embodiments of the invention described above may be implemented in a general purpose computing device, they may be concentrated on a single computing device, or distributed across a network of computing devices, they may alternatively be implemented in program code executable by computing devices, so that they may be stored in a storage device for execution by computing devices, and in some cases, the steps shown or described may be performed in a different order than what is shown or described, or they may be separately fabricated into individual integrated circuit modules, or a plurality of modules or steps in them may be fabricated into a single integrated circuit module. Thus, embodiments of the invention are not limited to any specific combination of hardware and software.
The foregoing is merely specific embodiments of the present application, but the scope of the present application is not limited thereto, and any changes or substitutions easily conceivable by those skilled in the art within the technical scope of the present application should be covered in the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (8)

1. A unified user authentication method based on dimension projection, comprising:
receiving identity data of a current user through a plurality of service system clients respectively;
according to a set conversion rule and a conversion parameter dictionary, converting attribute names which identify uniqueness of the identity of the user in the identity data of the current user into object type data, and taking the space where the object type data is located as an application space of the service system;
taking the objects in the object type data of each service system as nodes, and taking the relation among the objects as edges to construct a graph database;
projecting the object type data of each service system in the same space to obtain an entity object, and taking the space where the entity object is located as an entity space;
establishing a projection relation between the application space and the entity space in the graph database;
obtaining complete identity data of the current user according to the projection relation;
distributing a unique ID of the whole system to the current user according to the complete identity data, and completing unified user authentication of the current user;
projecting the object type data of each service system in the same space to obtain an entity object, and taking the space where the entity object is located as an entity space, wherein the method comprises the following steps:
traversing object type data in all application spaces in each service system, and collecting original attribute values in the object type data; deleting the repeated data in the collected original attribute values, and listing all the original attribute values;
traversing the list, adding an object which marks the uniqueness of the user identity to each original attribute value, and adding the attribute value of the object as the original attribute value traversed currently to obtain the entity object;
establishing a projection relationship between the application space and the entity space in the graph database, including:
extracting the object in each application space and marking the object as a first identifier;
extracting the original attribute value in the object in the application space and marking the original attribute value as a second identifier;
extracting the object in the entity space, filtering the object in the entity space according to a filtering rule that the original attribute value of the object in the entity space is equal to the original attribute value in the second identifier, and marking the filtered object in the entity space as a third identifier;
taking the third identifier as a starting point, taking the first identifier as an ending point, taking a connecting line from the starting point to the ending point as an edge, and establishing a projection relationship between the application space and the entity space in the graph database.
2. The unified user authentication method based on dimension projection according to claim 1, wherein converting the attribute name identifying uniqueness of the user identity in the identity data of the current user into object type data according to a set conversion rule and a conversion parameter dictionary, comprises:
traversing all fields in the identity data of the current user, and searching a conversion rule corresponding to the field name;
inquiring the conversion parameter dictionary according to the searched conversion rule, renaming the field name into a new field name corresponding to the conversion parameter dictionary, converting the attribute name which identifies the uniqueness of the user identity in the identity data of the current user into object type data, and setting the attribute value of the object at the same time; wherein the attribute values include query values and original attribute values obtained from the conversion parameter dictionary.
3. The unified user authentication method based on dimension projection according to claim 1 wherein the space where the object type data is located is used as an application space of the business system, further comprising:
searching in the conversion parameter dictionary to obtain the name of the application space corresponding to the identity data of the user.
4. The unified user authentication method based on dimension projection according to claim 1, wherein obtaining complete identity data of a current user according to the projection relationship comprises:
starting from the node, in the entity space of the graph database, of the object that identifies the uniqueness of the user identity, traversing along the edges until the current node has no new edge, and outputting all traversed objects to obtain the complete identity data of the current user.
5. The dimension projection-based unified user authentication method according to claim 1, wherein a system-wide unique ID is assigned to a current user according to the complete identity data, so as to complete unified user authentication of the current user, further comprising:
after the unified user authentication of the current user is completed, the current user performs user authentication, user authorization or user event forwarding through the unique ID of the whole system.
6. A dimension projection-based unified user authentication system applying the dimension projection-based unified user authentication method according to claim 1, comprising:
a plurality of data acquisition modules, respectively used for receiving the identity data of the current user through a plurality of service system clients;
connectors, respectively used for converting the attribute names that identify the uniqueness of the user identity in the identity data of the current user into object type data according to a set conversion rule and a conversion parameter dictionary, and taking the space where the object type data is located as an application space of the service system;
a processor, used for constructing a graph database by taking the objects in the object type data of each service system as nodes and the relations among the objects as edges; also used for projecting the object type data of each service system into the same space to obtain an entity object, and taking the space where the entity object is located as an entity space; also used for establishing the projection relationship between the application space and the entity space in the graph database; also used for obtaining the complete identity data of the current user according to the projection relationship; and also used for assigning a system-wide unique ID to the current user according to the complete identity data, so as to complete the unified user authentication of the current user.
7. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the dimension projection based unified user authentication method according to any one of claims 1 to 5 when executing the computer program.
8. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program that performs the dimension projection-based unified user authentication method according to any one of claims 1 to 5.
Application number: CN202311716137.2A; priority date: 2023-12-14; filing date: 2023-12-14; title: Unified user authentication method, system, equipment and medium based on dimension projection; status: Active; publication: CN117407855B (en)

Publications (2)

Publication Number    Publication Date
CN117407855A (en)    2024-01-16
CN117407855B (en)    2024-02-09

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant