CN1323508C - A Single Sign On method based on digital certificate - Google Patents

Publication number: CN1323508C
Authority: CN (China)
Prior art keywords: user, server, application, login, certificate
Legal status: Expired - Fee Related
Application number: CNB2003101094811A
Other languages: Chinese (zh)
Other versions: CN1547343A (en)
Inventor: 顾建荣
Current Assignee: SHANGHAI ADVANCED PEOPLE'S COURT
Original Assignee: SHANGHAI ADVANCED PEOPLE'S COURT

Landscapes

  • Storage Device Security (AREA)
  • Computer And Data Communications (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention relates to a method for implementing single sign-on based on digital certificates. A digital certificate and a public/private key pair are stored on each application server, and the server's public/private keys are used to encrypt and store user information, so that single sign-on across multiple application systems is secure and reliable. The method avoids the loss of user information caused by session expiry and removes the restriction a user faces when cookies are rejected. The user signs in once and does not need to enter login information repeatedly, so the method is convenient and secure to use and has high demonstration and promotional value. The method is especially suited to the security retrofit of existing multi-application systems: each original application system keeps its user name/password login control, and the work needed to add digital-certificate identity authentication is small. After the retrofit, the user switches between the application systems without repeated identity checks, which truly achieves the goal of "sign in once, roam everywhere". The invention is a safe, practical, simple and convenient single sign-on implementation method.

Description

A single sign-on method based on digital certificates
Technical field
The present invention relates to a method for implementing single sign-on based on digital certificates. It can be used to achieve secure single sign-on between multiple application systems and belongs to the field of information security technology.
Background technology
To meet the needs of enterprise informatization, e-commerce and the like, more and more information systems appear on the network, and the network users and system administrators of these enterprises face the following problems: 1. a user must authenticate once for each enterprise application he needs to use, and the authentication information (user name and password) used for each authentication cannot be guaranteed to be the same; 2. the system administrator must set a separate security policy for each system and must authorize users separately in each system to ensure that they cannot access network resources they are not authorized to access. Earlier login systems therefore had to prepare a user management system and a user authorization policy for the system on each machine, or even for each application on each machine. Considering operability and the security problems of interoperability, SSO brings the management of user logins and user accounts in all domains of the enterprise together. It reduces the time users spend logging in to different systems and the likelihood of login errors; while achieving security, it avoids handling and storing the authentication information of many sets of system users; it reduces the time system administrators spend adding and deleting users and modifying user permissions; and it increases security, since system administrators have a better way to manage users, including revoking a user's access to all system resources by directly disabling or deleting the user.

SSO (Single Sign-On), literally "log in once", is also called single sign-on. The mechanism of SSO is that an enterprise network user authenticates once when accessing the enterprise web site and can afterwards seamlessly access all the network resources he is authorized to use, without entering his authentication information repeatedly. SSO can improve the working efficiency of network users and reduce the probability of system errors. The benefit of SSO is obvious, but it is relatively difficult to implement. At present, SSO is mainly provided by middleware vendors as an authentication information sharing mechanism when they provide application server clusters, and the implementations of the vendors differ. The WebSphere application server of IBM records authentication information in cookies. The WebLogic application server of BEA shares authentication information through session sharing. The Apusic application server of the domestic company Kingdee in Shenzhen uses technology that is basically the same as BEA's. A cookie is a piece of data sent by a web site to the browser of the logged-in user; it can be stored on the user's computer as an anonymous token and is used to identify the user's computer, which requires the client to allow cookies to be stored on his own computer. The main function of a session is to set up a private variable for a particular user's connection; this variable can be passed between different pages. However, whether session sharing is used or authentication information is recorded in cookies, the information is hard to preserve and easy to lose. Sessions consume resources and usually have a time limit; once a session times out, all of its information is lost. Cookies can only be used with browsers that accept cookies, which is a considerable limitation. To overcome these shortcomings, the present invention proposes an effective implementation method that allows user authentication information to be transmitted between different application systems safely and effectively, thereby achieving SSO single sign-on.
Summary of the invention
The purpose of the invention is to address the problem that user authentication information is hard to preserve and transmit during single sign-on. It proposes a method that combines digital certificates with public/private key technology to encrypt the user's login information and to transmit the encrypted information safely and effectively between application systems, so that user authentication information is passed between different application systems safely and effectively and SSO single sign-on is achieved.
The greatest difficulty in implementing single sign-on is preserving the user's login information, sending it safely to each application system, and then controlling the user's access to protected resources according to the user's access rights in each application system. The simplest and most effective way to protect information is encryption. The method of the invention combines digital certificates with public/private key technology to encrypt the user's login information; once encrypted, the information can be passed safely between application systems. The single sign-on implementation method based on digital certificates proposed by the invention is as follows:
Applicable environment:
1. The information system contains a number of different application systems, each with its own software and hardware running environment. The method assumes that each application system runs on an independent application server and that the user can access the application systems through a client/browser;
2. Each user has his own digital certificate eKey (the eKey contains the user's identity certificate, signature private key and cryptographic algorithm);
3. Each user has permission to access different application systems and has different access rights in different application systems; all of this permission information is stored in a unified system database;
4. The information system has a login server, which is responsible for the user login function; in practice this login server may share the same hardware with any of the application servers;
5. The information system also has a certificate server, which is responsible for managing all digital certificates.
Implementation method:
a. The CA (certificate issuing and authorization) center issues a server certificate to each application server and generates a corresponding public/private key pair; the certificate and the key pair are stored on each application server and are used only to identify the server and for server-side encryption and decryption;
b. The user visits the login interface in the browser/client and sends a login request to the login server;
c. On receiving the request, the login server generates a random string, sends it to the browser/client and requires the user to sign the string;
d. The browser/client asks the user to provide the digital certificate eKey;
e. The browser/client calls the interface provided by the digital certificate eKey to sign the random string;
f. The browser/client sends the signature and the user's digital certificate eKey to the login server;
g. The login server first verifies whether the user's signature is valid; if verification passes, the user information was not tampered with in transit;
h. The login server then checks whether the digital certificate eKey is valid; if it is, the login server extracts the user's unique identifier from the eKey and uses it to locate the user's permission information in the system database;
i. From the user's permission information, the login server constructs the proxy main interface through which the user logs in to each application system; the proxy main interface provides the entry points of all application systems and determines from the user's permissions whether the user may enter each of them;
j. The user sends a request to access a particular application system;
k. The login server verifies the user's permission to access that system;
l. After the login server's check of the user's permission to access the system passes, it takes the user's user name and password from the system database and then obtains the server certificate and server public key from the application server that hosts the system;
m. The login server encrypts four items of information (the login user's user name, password and identity certificate, and the requested application server's certificate) with the server public key of the requested application server, forming the login ciphertext;
n. The login server sends the login ciphertext to the requested application server;
o. The application server decrypts the login ciphertext with this server's private key and obtains the login user's user name, password, identity certificate and other information; at the same time it saves the login ciphertext on this server;
p. The application server obtains the login user's user name and password from the system database according to the user's identity certificate;
q. The application server compares the user name and password obtained from the system database with the user name and password decrypted from the login ciphertext; if they match, the user's login succeeds and access is allowed;
r. The application server permits the user to access authorized resources according to the user permissions obtained from the system database;
s. When the user wants to switch from the application system being visited to another application system, he clicks the "Exit" button and the exit program starts to run;
t. The exit program takes the saved login ciphertext from this server, decrypts the user's user name, password and identity certificate, and encrypts them again with this server's private key to form the exit ciphertext;
u. The application server sends the exit ciphertext to the login server as an exit request;
v. The login server decrypts the exit ciphertext with the public key of that application server and obtains the user's user name, password and identity certificate;
w. The login server repeats step h and checks again whether the user's digital certificate eKey is valid; if it is, the login server extracts the user's unique identifier from the certificate, locates the user's permission information in the system database by that identifier and reconstructs the login proxy main interface, allowing the user to access other application systems without entering the login name and password again.
The method of the invention uses digital certificates and public/private key technology to implement single sign-on for multiple application systems. User information is transmitted between the application systems and stored in ciphertext form, which is safe and reliable; this avoids the loss of user information caused by session expiry in the session technique and also removes the restriction in the cookie technique that arises when a user refuses cookies. The user logs in once and moves between the systems without re-entering login information, which provides security as well as ease of use, and the method has high demonstration and promotional value. The method is especially suited to the security retrofit of existing multi-application systems: each original application system keeps its user name/password login control, and digital certificate authentication is added on top of it, so the retrofit workload is small. After the retrofit, the user switches between the application systems without repeated identity checks, truly achieving "log in once, roam everywhere". It is a safe, practical, simple and convenient SSO single sign-on implementation method.
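Steps c to h above (random string, signature, certificate check), as an added Go example that is not part of the patent. It assumes ECDSA P-256 with SHA-256, the certificate subject CN as the user's unique identifier, and single-use challenges with an expiry, none of which the patent specifies; `LoginServer`, `SignChallenge`, `issueCert` and the test certificates are hypothetical names and constructed data.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"sync"
	"time"
)

// LoginServer (hypothetical type) holds the trusted CA and outstanding challenges.
type LoginServer struct {
	pending sync.Map // challenge string -> expiry time.Time
	roots   *x509.CertPool
	ttl     time.Duration
}

func NewLoginServer(ca *x509.Certificate, ttl time.Duration) *LoginServer {
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	return &LoginServer{roots: pool, ttl: ttl}
}

// NewChallenge is step c: generate a random string for the user to sign.
func (s *LoginServer) NewChallenge() (string, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	c := fmt.Sprintf("%x", b)
	s.pending.Store(c, time.Now().Add(s.ttl))
	return c, nil
}

// SignChallenge is step e on the client; a real eKey signs inside the token.
func SignChallenge(key *ecdsa.PrivateKey, challenge string) ([]byte, error) {
	digest := sha256.Sum256([]byte(challenge))
	return ecdsa.SignASN1(rand.Reader, key, digest[:])
}

// VerifyLogin is steps g and h; it returns the user's unique identifier (assumed: subject CN).
func (s *LoginServer) VerifyLogin(challenge string, sig, certDER []byte) (string, error) {
	exp, known := s.pending.LoadAndDelete(challenge) // assumption: one attempt per challenge
	if !known || time.Now().After(exp.(time.Time)) {
		return "", fmt.Errorf("unknown, reused or expired challenge")
	}
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return "", err
	}
	// Step g: the signature must cover exactly the string this server issued.
	if err := cert.CheckSignature(x509.ECDSAWithSHA256, []byte(challenge), sig); err != nil {
		return "", err
	}
	// Step h: chain to the CA and validity period; revocation lookup is not shown.
	opts := x509.VerifyOptions{Roots: s.roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := cert.Verify(opts); err != nil {
		return "", err
	}
	return cert.Subject.CommonName, nil
}

// issueCert builds constructed test certificates; parent == nil yields a self-signed CA.
func issueCert(cn string, serial int64, parent *x509.Certificate, parentKey *ecdsa.PrivateKey, notAfter time.Time) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: notAfter, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	signer, signerKey := parent, parentKey
	if parent == nil { // self-signed CA
		tmpl.IsCA, tmpl.KeyUsage, tmpl.ExtKeyUsage = true, x509.KeyUsageCertSign, nil
		signer, signerKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

func main() {
	ca, caKey, _ := issueCert("Constructed Test CA", 1, nil, nil, time.Now().Add(time.Hour))
	user, userKey, _ := issueCert("user-0001", 2, ca, caKey, time.Now().Add(time.Hour))
	srv := NewLoginServer(ca, time.Minute)
	c, _ := srv.NewChallenge()
	sig, _ := SignChallenge(userKey, c)
	fmt.Println(srv.VerifyLogin(c, sig, user.Raw)) // first presentation of the signed challenge
	fmt.Println(srv.VerifyLogin(c, sig, user.Raw)) // same signature presented again
}
```

The second call in `main` fails because the challenge was consumed by the first; a signature captured in transit is therefore of no use for a later login.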
Description of drawings
Fig. 1 is a schematic diagram of the software login interface of the method. In the figure: 1, login interface.
Fig. 2 is a schematic diagram of the software login proxy main interface of the method. In the figure: 2, software login proxy main interface.
Fig. 3 is a schematic diagram of the software application system main interface of the method. In the figure: 3, software application system login proxy main interface.
Fig. 4 is a flow chart of the single sign-on method for multiple application systems according to the invention. In the figure: 4, start; 5, the user sends a login request; 6, the login server generates a random text and sends it down to the client; 7, the client signs the random text with the user's private key and sends it to the login server together with its own certificate number; 8, whether the login server's signature verification succeeds; 9, login refused; 10, whether the login server finds the certificate valid; 11, login refused; 12, the login server obtains the user's permissions for each application system and constructs the login proxy interface; 13, the user sends a request to access a particular application system; 14, the login server checks the user's permission to access that system; 15, access denied; 16, the login server encrypts the user name, password, identity certificate and other information with the public key of the requested server and sends it to the application server; 17, the application server decrypts the user name, password and other information; 18, the application system verifies the user name and password; 19, access denied; 20, the system is used; 21, the user exits the system; 22, the application server encrypts the user's user name, password and identity certificate with this server's private key and sends them to the login server; 23, the login server decrypts the user name, password and identity certificate.
Embodiment
The embodiment of the invention is described in detail below with reference to the accompanying drawings.
Embodiment
This method is used to implement single sign-on between several different application systems. It is first assumed that each application system already exists and that each uses user name and password verification for login. After the method begins (4), the user visits the login interface 1 and the browser sends a login request to the login server. The login server generates a random string S and sends it back to the browser, prompting the user to sign S. The user provides the digital certificate eKey and enters the password; the HASH algorithm in the eKey is used to sign the string S, producing the login ciphertext E1. The browser sends the login ciphertext E1 and the user's identity certificate to the login server. The server decrypts ciphertext E1 and verifies the signature and the certificate. After verification passes, it accesses the system database, constructs the user's permission information and from it constructs the system login proxy main interface 2, in which the application systems are shown with different brightness to indicate whether the user may access each of them.

After the user selects an application system to visit, an access request is sent and the login server verifies the user's access rights. After verification passes, it takes the user name and password from the system database and encrypts them, together with the digital certificate eKey, with the public key of the requested application server to form the access ciphertext E2, which is sent to that application server. The application server first saves the access ciphertext on this server, then decrypts ciphertext E2 with its own private key to obtain the original user name, password and digital certificate eKey, and then performs access verification with the user name and password. After verification passes, the user can access his authorized resources in this application system, as shown in application system main interface 3.

When the user needs to switch application systems, he clicks "Exit". The exit program takes the saved access ciphertext E2, decrypts it to obtain the user's user name, password and identity certificate, and encrypts this information with this server's private key to form the exit ciphertext E3, which is sent to the login server. The login server decrypts ciphertext E3 with the application server's public key, obtains the user's user name, password and identity certificate, verifies the user's certificate again and constructs the login proxy main interface. The user is thus returned to the system login proxy main interface 2 and can access other application systems.

The detailed single sign-on flow between several different application systems is as follows. After the method begins (4), the user sends a login request (5). The login server generates a random text and sends it down to the client (6). The client signs the random text with the login user's private key and sends it to the login server together with its own certificate number (7). The login server checks whether signature verification succeeds (8); if not, login is refused (9). If signature verification succeeds, the login server checks whether the certificate is valid (10); if not, login is refused (11); if it is, the login server obtains the user's permissions for each application system and constructs the login proxy interface (12). The user then sends a request to access a particular application system (13), and the login server checks the user's permission to access that system (14); if the check fails, access is denied (15); if it succeeds, the login server encrypts the user name, password, identity certificate and other information with the public key of the requested server and sends it to the application server (16). The application server decrypts the user name, password and other information (17), and the application system verifies the user name and password (18); if verification fails, access is denied (19); if it succeeds, the system is used (20). On exiting the application system (21), the application server encrypts the user's user name, password and identity certificate with this server's private key and sends them to the login server (22); the login server decrypts the user name, password and identity certificate (23) and passes them back to the login server's certificate validity check (10). The whole flow of the method is complete and effective.

With the method of the invention, the user only needs to log in once and, when switching between different application systems, does not need to re-enter verification information such as the user name and password. This information is securely encrypted and stored and is passed between the systems; it is neither lost nor leaked. The method places no special requirements on the client, and implementing it does not require extensive changes to the original application systems; it is simple and has good promotional value.

Claims (1)

1. A single sign-on implementation method based on digital certificates, comprising the use of digital certificates, public/private key technology and encryption of login information, and the following applicable environment: the information system contains a plurality of different application systems, each with its own software and hardware running environment, and each application system is assumed to run on an independent application server; the user can access the application systems through a client/browser; each user has his own digital certificate eKey containing the user's identity certificate, signature private key and cryptographic algorithm; each user has permission to access different application systems and has different access rights in different application systems, and the permission information is stored in a unified system database; the information system has a login server, which is responsible for the user login function and which in practice may share the same hardware with any of the application servers; there is also a certificate server, which is responsible for managing all digital certificates; characterized in that the single sign-on implementation method is as follows:
a. The CA center issues a server certificate to each application server and generates a corresponding public/private key pair; the certificate and the key pair are stored on each application server and are used only to identify the server and for server-side encryption and decryption;
b. The user visits the login interface in the browser/client and sends a login request to the login server;
c. On receiving the request, the login server generates a random string, sends it to the browser/client and requires the user to sign the string;
d. The browser/client asks the user to provide the digital certificate eKey;
e. The browser/client calls the interface provided by the digital certificate eKey to sign the random string;
f. The browser/client sends the signature and the user's digital certificate eKey to the login server;
g. The login server first verifies whether the user's signature is valid; if verification passes, the user information was not tampered with in transit;
h. The login server then checks whether the digital certificate eKey is valid; if it is, the login server extracts the user's unique identifier from the eKey and uses it to locate the user's permission information in the system database;
i. From the user's permission information, the login server constructs the proxy main interface through which the user logs in to each application system; the proxy main interface provides the entry points of all application systems and determines from the user's permissions whether the user may enter each of them;
j. The user sends a request to access a particular application system;
k. The login server verifies the user's permission to access that system;
l. After the login server's check of the user's permission to access the system passes, it takes the user's user name and password from the system database and then obtains the server certificate and server public key from the application server that hosts the system;
m. The login server encrypts four items of information (the login user's user name, password and identity certificate, and the requested application server's certificate) with the server public key of the requested application server, forming the login ciphertext;
n. The login server sends the login ciphertext to the requested application server;
o. The application server decrypts the login ciphertext with this server's private key and obtains the login user's user name, password, identity certificate and other information; at the same time it saves the login ciphertext on this server;
p. The application server obtains the login user's user name and password from the system database according to the user's identity certificate;
q. The application server compares the user name and password obtained from the system database with the user name and password decrypted from the login ciphertext; if they match, the user's login succeeds and access is allowed;
r. The application server permits the user to access authorized resources according to the user permissions obtained from the system database;
s. When the user wants to switch from the application system being visited to another application system, he clicks the "Exit" button and the exit program starts to run;
t. The exit program takes the saved login ciphertext from this server, decrypts the user's user name, password and identity certificate, and encrypts them again with this server's private key to form the exit ciphertext;
u. The application server sends the exit ciphertext to the login server as an exit request;
v. The login server decrypts the exit ciphertext with the public key of that application server and obtains the user's user name, password and identity certificate;
w. The login server repeats step h and checks again whether the user's digital certificate eKey is valid; if it is, the login server extracts the user's unique identifier from the certificate, locates the user's permission information in the system database by that identifier and reconstructs the login proxy main interface, allowing the user to access other application systems without entering the login name and password again.
CNB2003101094811A 2003-12-17 2003-12-17 A Single Sign On method based on digital certificate Expired - Fee Related CN1323508C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2003101094811A CN1323508C (en) 2003-12-17 2003-12-17 A Single Sign On method based on digital certificate


Publications (2)

Publication Number Publication Date
CN1547343A (en) 2004-11-17
CN1323508C (en) 2007-06-27

Family

ID=34335229

Country Status (1)

Country Link
CN (1) CN1323508C (en)

CN106209913B (en) * 2016-08-30 2019-07-23 江苏天联信息科技发展有限公司 Data access method and device
CN106572076A (en) * 2016-09-27 2017-04-19 山东浪潮商用系统有限公司 Web service access method, client side and server side
KR101816650B1 (en) * 2017-02-21 2018-01-09 주식회사 코인플러그 Method for providing simplified account registration service and authentication service, and authentication server using the same
JP7087908B2 (en) * 2018-10-24 2022-06-21 オムロン株式会社 Control device
CN113037686B (en) * 2019-12-24 2022-11-29 中国电信股份有限公司 Multi-database secure communication method and system, computer readable storage medium
CN111242590A (en) * 2020-01-06 2020-06-05 深圳壹账通智能科技有限公司 ACS system-based data processing method, system and storage medium
CN111447194B (en) * 2020-03-23 2022-03-29 格尔软件股份有限公司 Method for enhancing single sign-on security by using digital certificate
CN115412323B (en) * 2022-08-23 2023-07-18 江苏云涌电子科技股份有限公司 Method for accessing multiple applications through single login based on TCM
CN115865369A (en) * 2022-11-24 2023-03-28 中国联合网络通信集团有限公司 Identity authentication method and device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1235448A (en) * 1998-02-17 1999-11-17 电话通有限公司 Centralized certificate management system for two-way interactive communication devices in data networks
CN1310410A (en) * 2000-02-19 2001-08-29 智才有限公司 service login
CN1312998A (en) * 1998-08-12 2001-09-12 凯博帕斯公司 Access control using attributes contained within public key certificates
CN1328735A (en) * 1998-11-24 2001-12-26 艾利森电话股份有限公司 Method and system for securing data objects
US20030163733A1 (en) * 2002-02-28 2003-08-28 Ericsson Telefon Ab L M System, method and apparatus for federated single sign-on services

Non-Patent Citations (1)

Title
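Directory services and their role in single sign-on, Hu Xingzhi, Wang Jikun, Journal of North China Institute of Science and Technology, No. 4, 2002 *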

Cited By (1)

Publication number Priority date Publication date Assignee Title
CN108023874A (en) * 2017-11-15 2018-05-11 平安科技(深圳)有限公司 Calibration equipment, method and the computer-readable recording medium of single-sign-on

Also Published As

Publication number Publication date
CN1547343A (en) 2004-11-17

Similar Documents

Publication Publication Date Title
CN1323508C (en) A Single Sign On method based on digital certificate
US10243742B2 (en) Method and system for accessing a device by a user
Namasudra et al. Time efficient secure DNA based access control model for cloud computing environment
JP5619019B2 (en) Method, system, and computer program for authentication (secondary communication channel token-based client-server authentication with a primary authenticated communication channel)
CN111447214B (en) Method for centralized service of public key and cipher based on fingerprint identification
US5892828A (en) User presence verification with single password across applications
CN101507233B (en) Method and apparatus for providing trusted single sign-on access to applications and internet-based services
CN103763319B (en) Method for safely sharing mobile cloud storage light-level data
US8527762B2 (en) Method for realizing an authentication center and an authentication system thereof
CN110572258B (en) Cloud password computing platform and computing service method
WO2013101358A1 (en) System and method for secure network login
CN113067699A (en) Data sharing method and device based on quantum key and computer equipment
CN105516110A (en) Mobile equipment secure data transmission method
CN101515947A (en) Method and system for the quick-speed and safe distribution of file based on P2P
CN112861157A (en) Data sharing method based on decentralized identity and proxy re-encryption
CN111865609A (en) Private cloud platform data encryption and decryption system based on state cryptographic algorithm
CN109639711A (en) A kind of Distributed C AS authentication method based on privately owned chain session id
CN102263784A (en) SSO (signal sign on) method and system
CN114154181A (en) Privacy calculation method based on distributed storage
KR102118556B1 (en) Method for providing private blockchain based privacy information management service
CN114697113B (en) Multiparty privacy calculation method, device and system based on hardware accelerator card
Zhang et al. RETRACTED ARTICLE: An identity authentication scheme based on cloud computing environment
CN110620750A (en) Network security verification method of distributed system
Hammami et al. Security issues in cloud computing and associated alleviation approaches
KR20030042789A (en) A trust model for an authentication of a roaming user

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20070627

Termination date: 20101217