CN1547343A - A Single Sign On method based on digital certificate - Google Patents

Publication number
CN1547343A
Authority
CN
China
Prior art keywords
user
server
application
certificate
login
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CNA2003101094811A
Other languages
Chinese (zh)
Other versions
CN1323508C (en)
Inventor
顾建荣
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
SHANGHAI ADVANCED PEOPLE'S COURT
Original Assignee
SHANGHAI ADVANCED PEOPLE'S COURT
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by SHANGHAI ADVANCED PEOPLE'S COURT filed Critical SHANGHAI ADVANCED PEOPLE'S COURT
Priority to CNB2003101094811A priority Critical patent/CN1323508C/en
Publication of CN1547343A publication Critical patent/CN1547343A/en
Application granted granted Critical
Publication of CN1323508C publication Critical patent/CN1323508C/en
Anticipated expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Abstract

The invention relates to a method for implementing single sign-on based on digital certificates. A digital certificate and a public/private key pair are stored on each application server, and user information is encrypted with the servers' public/private keys when it is passed between and stored on the multiple application systems, giving a complete, safe and reliable single sign-on. This avoids the loss of user information caused by session expiry and also removes the limitation that arises when the user refuses cookies. The user logs in once and does not need to enter login information again, which is safe and convenient; the method has high demonstration and promotion value. The invention is especially suitable for security retrofitting of existing multi-application systems: the original application systems keep their user name and password login control, digital certificate authentication is added on top, and the retrofit workload is small.

Description

A single sign-on method based on digital certificates
Technical field
The present invention relates to a single sign-on implementation method based on digital certificates that can be used to implement secure single sign-on between multiple application systems. It belongs to the field of information security technology.
Background technology
To meet the needs of enterprise informatization, e-commerce and the like, more and more information systems are appearing on networks, and the network users and system administrators of these enterprises face the following problems:
1. The user must authenticate once for every enterprise application he or she wants to use, and the authentication information (user name and password) used each time cannot be guaranteed to be the same;
2. The system administrator must set a separate security policy for each system and authorize users separately in each system to ensure that they cannot access network resources they are not authorized to access.
Login systems used in the past therefore had to prepare a user management system and a user authorization policy for the system on each machine, or even for each application on each machine. Taking interoperability, operability and security into account, SSO brings the management of user logins and user accounts in all domains of the enterprise together. Its benefits are: it reduces the time users spend logging in to different systems and the likelihood of login errors; it provides security while avoiding the handling and storage of multiple sets of system users' authentication information; it reduces the time system administrators spend adding and deleting users and modifying user rights; and it increases security, since the administrator has a better way to manage users, including revoking a user's access to all system resources by directly disabling or deleting the user.
SSO (Single Sign-On) literally means logging in once. The SSO mechanism is that an enterprise network user authenticates once when accessing the enterprise website and can then seamlessly access all authorized network resources without entering authentication information again. SSO improves the working efficiency of network users and lowers the probability of system errors. The benefits of SSO are obvious, but it is relatively difficult to implement. At present, SSO is mainly provided by middleware vendors as an authentication-information sharing mechanism that comes with their application server clusters, and each vendor's implementation is different. IBM's WebSphere application server records authentication information in cookies. BEA's WebLogic application server shares authentication information through session sharing. The Apusic application server from Kingdee, a domestic vendor in Shenzhen, uses essentially the same technique as BEA.
A cookie is a piece of data sent by a website to the logged-in user's browser; it can be stored on the user's computer as an anonymous token to identify that computer, which requires the client to allow cookies to be stored on his or her computer. A session's main role is to set up private variables for a particular user's connection, and these variables can be passed between different pages. However, whether session sharing or cookie-recorded authentication information is used, the information is hard to preserve and easily lost. Sessions consume resources and usually have a time limit; once a session times out, all of its information is lost. Cookies can only be used with browsers that accept cookies, which is a considerable limitation. To overcome these shortcomings, the present invention proposes an effective implementation method that lets user authentication information be passed safely and effectively between different application systems, thereby achieving SSO.
Summary of the invention
The object of the invention is to address the difficulty of preserving and transmitting user authentication information in single sign-on. It proposes a method that combines digital certificates with public/private key techniques to encrypt the user's login information and to transmit the encrypted information safely and effectively between application systems, so that user authentication information is passed safely and effectively between different application systems and SSO is achieved.
The greatest difficulty in implementing single sign-on is preserving the user's login information, delivering it securely to each application system, and then controlling the user's access to protected resources according to the user's access rights in each application system. The simplest and most effective way to protect information is encryption. The method combines digital certificates with public/private key techniques to encrypt the user's login information; once encrypted, the information can be passed securely between application systems. The digital-certificate-based single sign-on implementation method proposed by the invention is as follows:
Applicable environment:
1. The system contains multiple different application systems, each with its own software and hardware running environment; the method assumes that each application system runs on an independent application server and that users access the application systems through a client/browser;
2. Each user has his or her own digital certificate eKey (the eKey contains the user's identity certificate, signature private key and cryptographic algorithm);
3. Each user has permission to access different application systems, with different access rights in different systems; all of this permission information is stored in a unified system database;
4. The environment contains a logically distinct login server responsible for the user login function; in practice this login server may share the same hardware with the application servers;
5. The environment also contains a certificate server responsible for managing all digital certificates.
Implementation method:
a. The CA center issues a server certificate to each application server and generates a corresponding public/private key pair; the certificate and key pair are stored on each application server and are used only to identify the server and for server-side encryption and decryption;
b. The user accesses the login interface in the browser/client, which sends a login request to the login server;
c. On receiving the request, the login server generates a random string, sends it to the browser/client and requires the user logging in to sign it;
d. The browser/client asks the user to provide the digital certificate eKey;
e. The browser/client calls the interface provided by the digital certificate eKey to sign the random string;
f. The browser/client sends the signature and the user's identity certificate to the login server;
g. The login server first verifies whether the user's signature is valid; if verification passes, the user information was not tampered with in transit;
h. The login server then verifies whether the user's certificate is valid; if it is, the user's unique identifier is extracted from the certificate and used to locate the user's permission information in the system database;
i. The login server constructs, from the user's permission information, the proxy main interface through which the user logs in to each application system; the proxy main interface provides entry points to all application systems and determines from the user's permissions whether the user may enter each one;
j. The user sends a request to access a particular application system;
k. The login server verifies the user's permission to access that system;
l. After the permission check passes, the login server retrieves the user's user name and password from the system database and then obtains the server certificate and server public key from the application server hosting that system;
m. The login server encrypts four items of information (the user's user name, password and identity certificate, and the requested application server's certificate) with the requested application server's public key, forming the login ciphertext;
n. The login server sends the login ciphertext to the requested application server;
o. The application server decrypts the login ciphertext with its own private key to obtain the user's user name, password, identity certificate and other information, and at the same time stores the login ciphertext on this server;
p. The application server retrieves the user's user name and password from the system database according to the user's identity certificate;
q. The application server compares the user name and password obtained from the system database with those decrypted from the login ciphertext; if they match, the login succeeds and the user is allowed access;
r. The application server grants the user access to authorized resources according to the user permissions obtained from the system database;
s. To switch from the application system currently in use to another one, the user clicks the "Exit" button, which starts the logout program;
t. The logout program retrieves the stored login ciphertext from this server, decrypts the user's user name, password and identity certificate, and encrypts them with this server's private key to form the logout ciphertext;
u. The application server sends the logout ciphertext to the login server together with a logout request;
v. The login server decrypts the logout ciphertext with that application server's public key to obtain the user's user name, password and identity certificate;
w. The login server repeats step h: it verifies again whether the user's certificate is valid; if it is, it extracts the user's unique identifier from the certificate, locates the user's permission information in the system database, and reconstructs the login proxy main interface, so that the user can access other application systems without entering the login name and password again.
The method applies digital certificates and public/private key techniques to implement single sign-on across multiple application systems. User information is passed between and stored on the application systems as ciphertext, which is safe and reliable; this avoids the loss of user information caused by session expiry in session-based approaches and removes the limitation, in cookie-based approaches, that arises when users refuse cookies. The user logs in once and moves between systems without re-entering login information, which gives ease of use together with security, and the method has high demonstration and promotion value. The method is particularly suited to security retrofitting of existing multi-application systems: the original application systems keep their user name/password login control, digital certificate authentication is added on top, and the retrofit workload is small. After the retrofit, users switch between application systems without repeated identity checks, truly achieving "log in once, roam everywhere"; it is a safe, practical, simple and convenient SSO implementation method.
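The login server's side of steps c through i, as an added example that is not part of the patent text: it issues the random string, verifies the signature over it, validates the certificate against the CA, and maps the certificate's unique identifier to permissions. Assumptions: the names `LoginServer`, `CHALLENGE_TTL` and the dictionary certificate layout are hypothetical; the single-use challenge table and its lifetime are additions the page does not describe; and textbook RSA over constructed, trivially factorable keys stands in for the eKey and CA signing interfaces so the block runs with the standard library only.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by the constructed toy keys below


def make_key(p, q):
    """Toy RSA key from two primes (constructed, trivially factorable)."""
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}


def _digest(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(key, data):
    """Stand-in for the eKey/CA signing interface: textbook RSA, no padding."""
    return pow(_digest(data), key["d"], key["n"])


def verify(n, data, sig):
    return isinstance(sig, int) and 0 < sig < n and pow(sig, E, n) == _digest(data)


def cert_body(cert):
    """Bytes covered by the CA signature (hypothetical certificate layout)."""
    fields = ("subject_id", "n", "not_before", "not_after")
    return "|".join(str(cert[k]) for k in fields).encode()


def issue_cert(ca_key, subject_id, n, not_before, not_after):
    cert = {"subject_id": subject_id, "n": n,
            "not_before": not_before, "not_after": not_after}
    cert["ca_sig"] = sign(ca_key, cert_body(cert))
    return cert


class LoginServer:
    CHALLENGE_TTL = 120  # seconds; assumed value, the page states no lifetime

    def __init__(self, ca_n, permissions):
        self.ca_n = ca_n
        self.permissions = permissions  # unique ID -> set of application names
        self.pending = {}               # outstanding random string -> issue time

    def new_challenge(self, now):
        """Step c: generate the random string the client must sign."""
        s = secrets.token_hex(16)
        self.pending[s] = now
        return s

    def login(self, challenge, signature, cert, now):
        # Each random string is accepted once and only while fresh, so a
        # captured (string, signature) pair cannot be replayed later.
        issued = self.pending.pop(challenge, None)
        if issued is None or now - issued > self.CHALLENGE_TTL:
            return ("rejected", "unknown or expired challenge")
        # Step g: the signature must verify under the key in the certificate.
        if not verify(cert["n"], challenge.encode(), signature):
            return ("rejected", "bad signature")
        # Step h: the certificate must be CA-issued and inside its validity period.
        if not verify(self.ca_n, cert_body(cert), cert["ca_sig"]):
            return ("rejected", "certificate not issued by CA")
        if not cert["not_before"] <= now <= cert["not_after"]:
            return ("rejected", "certificate outside validity period")
        # Steps h-i: unique ID -> permissions used to build the proxy interface.
        return ("ok", sorted(self.permissions.get(cert["subject_id"], ())))


# Constructed sample data: keys, certificate and permission table.
CA_KEY = make_key(2**127 - 1, 2**1279 - 1)
USER_KEY = make_key(2**521 - 1, 2**607 - 1)
USER_CERT = issue_cert(CA_KEY, "user-0001", USER_KEY["n"], 1000, 2000)
PERMISSIONS = {"user-0001": {"app-a", "app-b"}}


def run_demo():
    server = LoginServer(CA_KEY["n"], PERMISSIONS)
    out = {}
    c = server.new_challenge(now=1500)
    sig = sign(USER_KEY, c.encode())                      # steps d-e (client)
    out["valid"] = server.login(c, sig, USER_CERT, now=1510)   # step f
    out["replay"] = server.login(c, sig, USER_CERT, now=1511)
    c2 = server.new_challenge(now=1500)
    out["wrong_challenge"] = server.login(c2, sig, USER_CERT, now=1510)
    c3 = server.new_challenge(now=1500)
    altered = dict(USER_CERT, subject_id="user-9999")     # edited after issue
    out["altered_cert"] = server.login(c3, sign(USER_KEY, c3.encode()), altered, now=1510)
    c4 = server.new_challenge(now=2490)
    out["expired_cert"] = server.login(c4, sign(USER_KEY, c4.encode()), USER_CERT, now=2500)
    return out


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(name, outcome)
```

A production login server would use a vetted signature scheme with padding and full X.509 path validation in place of the stand-ins here.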
Description of drawings
Fig. 1 is a schematic diagram of the software login interface of the method. In the figure: 1, login interface.
Fig. 2 is a schematic diagram of the software login proxy main interface of the method. In the figure: 2, software login proxy main interface.
Fig. 3 is a schematic diagram of the software application system main interface of the method. In the figure: 3, software application system login proxy main interface.
Fig. 4 is a flow chart of the single sign-on method for multiple application systems according to the invention. In the figure: 4, start; 5, user sends a login request; 6, login server generates a random piece of text and sends it down to the client; 7, client signs the random text with the user's private key and sends it to the login server together with its own certificate number; 8, login server checks whether signature verification succeeds; 9, login refused; 10, login server checks whether the certificate is valid; 11, login refused; 12, login server obtains the user's permissions for each application system and constructs the login proxy interface; 13, user sends a request to access a particular application system; 14, login server verifies the user's permission to access that system; 15, access denied; 16, login server encrypts the user name, password, identity certificate and other information with the public key of the server to be accessed and sends it to the application server; 17, application server decrypts the user name, password and other information; 18, application system verifies the user name and password; 19, access denied; 20, system in use; 21, log out; 22, application server encrypts the user's user name, password and identity certificate with this server's private key and sends them to the login server; 23, login server decrypts the user name, password and identity certificate.
Embodiment
The embodiment of the invention is described in detail below with reference to the drawings.
Embodiment
This method is used to implement single sign-on between multiple different application systems. It is first assumed that each application system already exists and that each uses user name and password verification for login. After the method starts (4), the user accesses the login interface 1 and the browser sends a login request to the login server. The login server generates a random string S and sends it back to the browser, prompting the user to sign S. The user provides the digital certificate eKey and enters the password; the HASH algorithm in the digital certificate eKey is used to sign the string S, producing the login ciphertext E1. The browser sends the login ciphertext E1 and the user's identity certificate to the login server. The server decrypts ciphertext E1 and verifies the signature and the certificate; after verification passes it accesses the system database, constructs the user's permission information, and then constructs the system login proxy main interface 2 from that information, with the application systems shown at different brightness to indicate whether the user can access each one. After the user selects an application system to access, an access request is sent and the login server verifies the user's access rights. After verification passes, it retrieves the user name and password from the system database and encrypts them, together with the user certificate, with the requested application server's public key to form the access ciphertext E2, which is sent to that application server. The application server first stores the access ciphertext on this server, then decrypts ciphertext E2 with its own private key to obtain the original user name, password and user certificate, and then performs the access check with the user name and password. After the check passes, the user can access the resources he or she is authorized for in this application system, as shown in the application system main interface 3. When the user needs to switch application systems, the user clicks "Exit"; the logout program retrieves the stored access ciphertext E2, decrypts it to obtain the user's user name, password and identity certificate, and encrypts this information with this server's private key to form the logout ciphertext E3, which is sent to the login server. The login server decrypts ciphertext E3 with the application server's public key to obtain the user's user name, password and identity certificate, verifies the user's certificate again, and constructs the login proxy main interface. The user is thus returned to the system login proxy main interface 2 and can access other application systems.
The specific single sign-on flow between multiple different application systems is as follows. After the method starts (4), the user sends a login request (5). The login server generates a random piece of text and sends it down to the client (6). The client signs the random text with the user's private key and sends it to the login server together with its own certificate number (7). The login server checks whether signature verification succeeds (8); if not, login is refused (9). If the signature verifies, the login server checks whether the certificate is valid (10); if not, login is refused (11). If it is, the login server obtains the user's permissions for each application system and constructs the login proxy interface (12). The user then sends a request to access a particular application system (13) and the login server verifies the user's permission to access that system (14); if the check fails, access is denied (15). If it succeeds, the login server encrypts the user name, password, identity certificate and other information with the public key of the server to be accessed and sends it to the application server (16). The application server decrypts the user name, password and other information (17), and the application system verifies the user name and password (18); if verification fails, access is denied (19), and if it succeeds, the system is used (20). On exiting the system (21), the application server encrypts the user's user name, password and identity certificate with this server's private key and sends them to the login server (22); the login server decrypts the user name, password and identity certificate (23) and passes control back to the login server's certificate validity check (10). The flow of the method is complete and effective.
With this method the user logs in only once and does not need to re-enter the user name, password or other verification information when switching between application systems; this information is securely encrypted and stored and is passed between the systems, so it is neither lost nor leaked. The method places no special requirements on the client and does not require extensive changes to the original application systems; it is simple to implement and has excellent promotion value.

Claims (1)

1. A single sign-on implementation method based on digital certificates, which uses digital certificates and public/private key techniques to encrypt login information, in the following applicable environment: the system contains multiple different application systems, each with its own software and hardware running environment, and each application system is assumed to run on an independent application server, with users accessing the application systems through a client/browser; each user has a digital certificate eKey containing his or her own user identity certificate, signature private key and cryptographic algorithm; each user has permission to access different application systems, with different access rights in different systems, and the permission information is stored in a unified system database; the environment contains a logically distinct login server responsible for the user login function, which in practice may share the same hardware with the application servers; the environment also contains a certificate server responsible for managing all digital certificates; characterized in that the single sign-on implementation method is as follows:
a. The CA center issues a server certificate to each application server and generates a corresponding public/private key pair; the certificate and key pair are stored on each application server and are used only to identify the server and for server-side encryption and decryption;
b. The user accesses the login interface in the browser/client, which sends a login request to the login server;
c. On receiving the request, the login server generates a random string, sends it to the browser/client and requires the user logging in to sign it;
d. The browser/client asks the user to provide the digital certificate eKey;
e. The browser/client calls the interface provided by the digital certificate eKey to sign the random string;
f. The browser/client sends the signature and the user's identity certificate to the login server;
g. The login server first verifies whether the user's signature is valid; if verification passes, the user information was not tampered with in transit;
h. The login server then verifies whether the user's certificate is valid; if it is, the user's unique identifier is extracted from the certificate and used to locate the user's permission information in the system database;
i. The login server constructs, from the user's permission information, the proxy main interface through which the user logs in to each application system; the proxy main interface provides entry points to all application systems and determines from the user's permissions whether the user may enter each one;
j. The user sends a request to access a particular application system;
k. The login server verifies the user's permission to access that system;
l. After the permission check passes, the login server retrieves the user's user name and password from the system database and then obtains the server certificate and server public key from the application server hosting that system;
m. The login server encrypts four items of information (the user's user name, password and identity certificate, and the requested application server's certificate) with the requested application server's public key, forming the login ciphertext;
n. The login server sends the login ciphertext to the requested application server;
o. The application server decrypts the login ciphertext with its own private key to obtain the user's user name, password, identity certificate and other information, and at the same time stores the login ciphertext on this server;
p. The application server retrieves the user's user name and password from the system database according to the user's identity certificate;
q. The application server compares the user name and password obtained from the system database with those decrypted from the login ciphertext; if they match, the login succeeds and the user is allowed access;
r. The application server grants the user access to authorized resources according to the user permissions obtained from the system database;
s. To switch from the application system currently in use to another one, the user clicks the "Exit" button, which starts the logout program;
t. The logout program retrieves the stored login ciphertext from this server, decrypts the user's user name, password and identity certificate, and encrypts them with this server's private key to form the logout ciphertext;
u. The application server sends the logout ciphertext to the login server together with a logout request;
v. The login server decrypts the logout ciphertext with that application server's public key to obtain the user's user name, password and identity certificate;
w. The login server repeats step h: it verifies again whether the user's certificate is valid; if it is, it extracts the user's unique identifier from the certificate, locates the user's permission information in the system database, and reconstructs the login proxy main interface, so that the user can access other application systems without entering the login name and password again.
CNB2003101094811A 2003-12-17 2003-12-17 A Single Sign On method based on digital certificate Expired - Fee Related CN1323508C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2003101094811A CN1323508C (en) 2003-12-17 2003-12-17 A Single Sign On method based on digital certificate

Publications (2)

Publication Number Publication Date
CN1547343A true CN1547343A (en) 2004-11-17
CN1323508C CN1323508C (en) 2007-06-27

Family

ID=34335229

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2003101094811A Expired - Fee Related CN1323508C (en) 2003-12-17 2003-12-17 A Single Sign On method based on digital certificate

Country Status (1)

Country Link
CN (1) CN1323508C (en)

Cited By (46)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7596562B2 (en) 2006-01-24 2009-09-29 Hong Fu Jin Precision Industry (Shenzhen) Co., Ltd. System and method for managing access control list of computer systems
CN101677315A (en) * 2008-09-16 2010-03-24 中兴通讯股份有限公司 Method for dynamically loading application system in C/S structure
CN1937495B (en) * 2006-09-29 2010-05-12 清华大学深圳研究生院 Digital copyright protection method and system for media network application
CN101051900B (en) * 2006-06-20 2010-05-12 华为技术有限公司 Method for correcting accession information by network
CN101184008B (en) * 2007-12-14 2010-06-09 北京中星微电子有限公司 Remote information access method and device
CN101207482B (en) * 2007-12-13 2010-07-21 深圳市戴文科技有限公司 System and method for implementation of single login
CN101800756A (en) * 2010-04-13 2010-08-11 恒生电子股份有限公司 Data positioning method and device
CN101039182B (en) * 2007-03-07 2010-08-11 广东南方信息安全产业基地有限公司 Authentication system and method for issuing user identification certificate
CN101159557B (en) * 2007-11-21 2010-09-29 华为技术有限公司 Single point logging method, device and system
CN101193089B (en) * 2006-11-20 2010-11-03 阿里巴巴集团控股有限公司 Stateful session system and its realization method
CN101202753B (en) * 2007-11-29 2010-11-17 中国电信股份有限公司 Method and device for accessing plug-in connector applied system by client terminal
CN101222488B (en) * 2007-01-10 2010-12-08 华为技术有限公司 Method and network authentication server for controlling client terminal access to network appliance
CN101938473A (en) * 2010-08-24 2011-01-05 北京易恒信认证科技有限公司 Single-point login system and single-point login method
CN101989910A (en) * 2010-12-22 2011-03-23 北京安天电子设备有限公司 Multi-system authentication method, device and system
CN101350717B (en) * 2007-07-18 2011-04-27 中国移动通信集团公司 Method and system for logging on third party server through instant communication software
CN101167304B (en) * 2005-04-22 2011-06-08 微软公司 Credential interface
CN1835438B (en) * 2006-03-22 2011-07-27 阿里巴巴集团控股有限公司 Method of realizing single time accession between websites and website thereof
CN101075875B (en) * 2007-06-14 2011-08-31 中国电信股份有限公司 Method and system for realizing monopoint login between gate and system
CN101310286B (en) * 2005-11-24 2011-12-14 国际商业机器公司 Improved single sign on
CN101473589B (en) * 2006-03-31 2011-12-28 亚马逊技术有限公司 Enhanced security for electronic communications
CN101794401B (en) * 2010-01-15 2012-01-25 华为终端有限公司 Flash safety starting method and data card
CN102447670A (en) * 2010-09-30 2012-05-09 鸿富锦精密工业(深圳)有限公司 Account verification method
CN101610157B (en) * 2009-07-28 2012-09-05 江苏先安科技有限公司 System and method for automatically signing with digital certificate in Web form
CN102682080A (en) * 2012-03-31 2012-09-19 奇智软件(北京)有限公司 Cookie information sharing method and system
WO2012126350A1 (en) * 2011-03-21 2012-09-27 北京书生国际信息技术有限公司 Method, system, log-in device, and application software unit for logging in to document library system
CN102082666B (en) * 2009-11-26 2012-10-03 中国移动通信集团公司 Single login system and method and service management system as well as single login intermediate system
WO2012171419A1 (en) * 2011-06-16 2012-12-20 中兴通讯股份有限公司 Single sign-on method and system
CN102984115A (en) * 2011-09-02 2013-03-20 中国长城计算机深圳股份有限公司 A method, a client and a server for network security
CN103001934A (en) * 2011-09-16 2013-03-27 腾讯科技(深圳)有限公司 Terminal application login method and terminal application login system
CN103218578A (en) * 2013-03-01 2013-07-24 东莞宇龙通信科技有限公司 Terminal and display control method
CN103220303A (en) * 2013-05-06 2013-07-24 华为软件技术有限公司 Server login method, server and authentication equipment
CN103929421A (en) * 2014-04-03 2014-07-16 深圳英飞拓科技股份有限公司 Single sign-on system and method of security and protection system
CN104715186A (en) * 2012-03-31 2015-06-17 北京奇虎科技有限公司 Cookie information sharing method and system
CN104852918A (en) * 2015-05-15 2015-08-19 陈建国 Customized media playing control system
US9173082B2 (en) 2010-12-24 2015-10-27 Hangzhou H3C Technologies Co., Ltd. Preventing roaming user terminal re-authentication
CN105260649A (en) * 2015-09-28 2016-01-20 四川长虹电器股份有限公司 Data processing system and data processing method
CN105684388A (en) * 2013-09-20 2016-06-15 甲骨文国际公司 Web-based single sign-on with form-fill proxy application
CN106209913A (en) * 2016-08-30 2016-12-07 江苏天联信息科技发展有限公司 Data access method and device
CN106470201A (en) * 2015-08-21 2017-03-01 中兴通讯股份有限公司 A kind of user authentication method and device
CN106572076A (en) * 2016-09-27 2017-04-19 山东浪潮商用系统有限公司 Web service access method, client side and server side
CN110291757A (en) * 2017-02-21 2019-09-27 科因普拉格株式会社 For providing the method for simplified account register service, user authentication service and utilizing its certificate server
CN111242590A (en) * 2020-01-06 2020-06-05 深圳壹账通智能科技有限公司 ACS system-based data processing method, system and storage medium
CN111447194A (en) * 2020-03-23 2020-07-24 格尔软件股份有限公司 Method for enhancing single sign-on security by using digital certificate
CN112654988A (en) * 2018-10-24 2021-04-13 欧姆龙株式会社 Control device
CN113037686A (en) * 2019-12-24 2021-06-25 中国电信股份有限公司 Multi-database secure communication method and system, computer readable storage medium
CN115412323A (en) * 2022-08-23 2022-11-29 江苏云涌电子科技股份有限公司 Method for accessing multiple applications through single login based on TCM

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108023874B (en) * 2017-11-15 2020-11-03 平安科技(深圳)有限公司 Single sign-on verification device and method and computer readable storage medium

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6233577B1 (en) * 1998-02-17 2001-05-15 Phone.Com, Inc. Centralized certificate management system for two-way interactive communication devices in data networks
US6484258B1 (en) * 1998-08-12 2002-11-19 Kyber Pass Corporation Access control using attributes contained within public key certificates
EP1133854A1 (en) * 1998-11-24 2001-09-19 Telefonaktiebolaget LM Ericsson (publ) Method and system for securing data objects
HK1023695A2 (en) * 2000-02-19 2000-08-11 Nice Talent Ltd Service sign on
US7221935B2 (en) * 2002-02-28 2007-05-22 Telefonaktiebolaget Lm Ericsson (Publ) System, method and apparatus for federated single sign-on services

Cited By (61)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101167304B (en) * 2005-04-22 2011-06-08 微软公司 Credential interface
CN101310286B (en) * 2005-11-24 2011-12-14 国际商业机器公司 Improved single sign on
US7596562B2 (en) 2006-01-24 2009-09-29 Hong Fu Jin Precision Industry (Shenzhen) Co., Ltd. System and method for managing access control list of computer systems
US8589442B2 (en) 2006-03-22 2013-11-19 Alibaba Group Holding Limited Intersystem single sign-on
US8250095B2 (en) 2006-03-22 2012-08-21 Alibaba Group Holding Limited Intersystem single sign-on
CN1835438B (en) * 2006-03-22 2011-07-27 阿里巴巴集团控股有限公司 Method of realizing single time accession between websites and website thereof
CN101473589B (en) * 2006-03-31 2011-12-28 亚马逊技术有限公司 Enhanced security for electronic communications
CN101051900B (en) * 2006-06-20 2010-05-12 华为技术有限公司 Method for correcting accession information by network
CN1937495B (en) * 2006-09-29 2010-05-12 清华大学深圳研究生院 Digital copyright protection method and system for media network application
CN101193089B (en) * 2006-11-20 2010-11-03 阿里巴巴集团控股有限公司 Stateful session system and its realization method
CN101222488B (en) * 2007-01-10 2010-12-08 华为技术有限公司 Method and network authentication server for controlling client terminal access to network appliance
CN101039182B (en) * 2007-03-07 2010-08-11 广东南方信息安全产业基地有限公司 Authentication system and method for issuing user identification certificate
CN101075875B (en) * 2007-06-14 2011-08-31 中国电信股份有限公司 Method and system for realizing monopoint login between gate and system
CN101350717B (en) * 2007-07-18 2011-04-27 中国移动通信集团公司 Method and system for logging on third party server through instant communication software
CN101159557B (en) * 2007-11-21 2010-09-29 华为技术有限公司 Single point logging method, device and system
CN101202753B (en) * 2007-11-29 2010-11-17 中国电信股份有限公司 Method and device for accessing plug-in connector applied system by client terminal
CN101207482B (en) * 2007-12-13 2010-07-21 深圳市戴文科技有限公司 System and method for implementation of single login
CN101184008B (en) * 2007-12-14 2010-06-09 北京中星微电子有限公司 Remote information access method and device
CN101677315A (en) * 2008-09-16 2010-03-24 中兴通讯股份有限公司 Method for dynamically loading application system in C/S structure
CN101677315B (en) * 2008-09-16 2013-08-07 中兴通讯股份有限公司 Method for dynamically loading application system in C/S structure
CN101610157B (en) * 2009-07-28 2012-09-05 江苏先安科技有限公司 System and method for automatically signing with digital certificate in Web form
CN102082666B (en) * 2009-11-26 2012-10-03 中国移动通信集团公司 Single login system and method and service management system as well as single login intermediate system
CN101794401B (en) * 2010-01-15 2012-01-25 华为终端有限公司 Flash safety starting method and data card
CN101800756A (en) * 2010-04-13 2010-08-11 恒生电子股份有限公司 Data positioning method and device
CN101938473A (en) * 2010-08-24 2011-01-05 北京易恒信认证科技有限公司 Single-point login system and single-point login method
CN101938473B (en) * 2010-08-24 2013-09-11 北京易恒信认证科技有限公司 Single-point login system and single-point login method
CN102447670A (en) * 2010-09-30 2012-05-09 鸿富锦精密工业(深圳)有限公司 Account verification method
CN101989910A (en) * 2010-12-22 2011-03-23 北京安天电子设备有限公司 Multi-system authentication method, device and system
US9173082B2 (en) 2010-12-24 2015-10-27 Hangzhou H3C Technologies Co., Ltd. Preventing roaming user terminal re-authentication
WO2012126350A1 (en) * 2011-03-21 2012-09-27 北京书生国际信息技术有限公司 Method, system, log-in device, and application software unit for logging in to document library system
WO2012171419A1 (en) * 2011-06-16 2012-12-20 中兴通讯股份有限公司 Single sign-on method and system
CN102984115A (en) * 2011-09-02 2013-03-20 中国长城计算机深圳股份有限公司 A method, a client and a server for network security
CN103001934A (en) * 2011-09-16 2013-03-27 腾讯科技(深圳)有限公司 Terminal application login method and terminal application login system
CN103001934B (en) * 2011-09-16 2016-09-07 腾讯科技(深圳)有限公司 The method and system that terminal applies logs in
CN102682080A (en) * 2012-03-31 2012-09-19 奇智软件(北京)有限公司 Cookie information sharing method and system
CN104715186B (en) * 2012-03-31 2019-02-26 北京奇虎科技有限公司 Cookie information sharing method and system
CN102682080B (en) * 2012-03-31 2015-04-29 北京奇虎科技有限公司 Cookie information sharing method and system
CN104715186A (en) * 2012-03-31 2015-06-17 北京奇虎科技有限公司 Cookie information sharing method and system
CN103218578A (en) * 2013-03-01 2013-07-24 东莞宇龙通信科技有限公司 Terminal and display control method
CN103220303B (en) * 2013-05-06 2016-08-31 华为软件技术有限公司 The login method of server and server, authenticating device
CN103220303A (en) * 2013-05-06 2013-07-24 华为软件技术有限公司 Server login method, server and authentication equipment
CN105684388B (en) * 2013-09-20 2019-04-09 甲骨文国际公司 Utilize the network-based single-sign-on of form filling agent application
CN105684388A (en) * 2013-09-20 2016-06-15 甲骨文国际公司 Web-based single sign-on with form-fill proxy application
US10693865B2 (en) 2013-09-20 2020-06-23 Oracle International Corporation Web-based interface integration for single sign-on
US10225244B2 (en) 2013-09-20 2019-03-05 Oracle International Corporation Web-based interface integration for single sign-on
CN103929421A (en) * 2014-04-03 2014-07-16 深圳英飞拓科技股份有限公司 Single sign-on system and method of security and protection system
CN104852918A (en) * 2015-05-15 2015-08-19 陈建国 Customized media playing control system
CN106470201A (en) * 2015-08-21 2017-03-01 中兴通讯股份有限公司 A kind of user authentication method and device
CN105260649A (en) * 2015-09-28 2016-01-20 四川长虹电器股份有限公司 Data processing system and data processing method
CN106209913A (en) * 2016-08-30 2016-12-07 江苏天联信息科技发展有限公司 Data access method and device
CN106209913B (en) * 2016-08-30 2019-07-23 江苏天联信息科技发展有限公司 Data access method and device
CN106572076A (en) * 2016-09-27 2017-04-19 山东浪潮商用系统有限公司 Web service access method, client side and server side
CN110291757A (en) * 2017-02-21 2019-09-27 科因普拉格株式会社 For providing the method for simplified account register service, user authentication service and utilizing its certificate server
CN110291757B (en) * 2017-02-21 2022-08-09 科因普拉格株式会社 Method for providing simplified account registration service, user authentication service, and authentication server using the same
CN112654988A (en) * 2018-10-24 2021-04-13 欧姆龙株式会社 Control device
CN113037686A (en) * 2019-12-24 2021-06-25 中国电信股份有限公司 Multi-database secure communication method and system, computer readable storage medium
CN113037686B (en) * 2019-12-24 2022-11-29 中国电信股份有限公司 Multi-database secure communication method and system, computer readable storage medium
CN111242590A (en) * 2020-01-06 2020-06-05 深圳壹账通智能科技有限公司 ACS system-based data processing method, system and storage medium
CN111447194A (en) * 2020-03-23 2020-07-24 格尔软件股份有限公司 Method for enhancing single sign-on security by using digital certificate
CN111447194B (en) * 2020-03-23 2022-03-29 格尔软件股份有限公司 Method for enhancing single sign-on security by using digital certificate
CN115412323A (en) * 2022-08-23 2022-11-29 江苏云涌电子科技股份有限公司 Method for accessing multiple applications through single login based on TCM

Also Published As

Publication number Publication date
CN1323508C (en) 2007-06-27

Similar Documents

Publication Publication Date Title
CN1323508C (en) A Single Sign On method based on digital certificate
CN111783075B (en) Authority management method, device and medium based on secret key and electronic equipment
US9917829B1 (en) Method and apparatus for providing a conditional single sign on
RU2670778C1 (en) Forming the key depending on the parameter
CN109327481B (en) Block chain-based unified online authentication method and system for whole network
JP5619019B2 (en) Method, system, and computer program for authentication (secondary communication channel token-based client-server authentication with a primary authenticated communication channel)
US6801998B1 (en) Method and apparatus for presenting anonymous group names
US20030217288A1 (en) Session key secruity protocol
US8527762B2 (en) Method for realizing an authentication center and an authentication system thereof
CN1855814A (en) Safety uniform certificate verification design
CN106254324A (en) A kind of encryption method storing file and device
CN1274105C (en) Dynamic password authentication method based on digital certificate implement
CN1881879A (en) Public key framework and method for checking user
US8140853B2 (en) Mutually excluded security managers
CN1787513A (en) System and method for safety remote access
MXPA04003226A (en) Method and system for providing client privacy when requesting content from a public server.
US20120072972A1 (en) Secondary credentials for batch system
CN1930850A (en) An apparatus, computer-readable memory and method for authenticating and authorizing a service request sent from a service client to a service provider
Selvamani et al. A review on cloud data security and its mitigation techniques
Tayade Mobile cloud computing: Issues, security, advantages, trends
CN115333840B (en) Resource access method, system, equipment and storage medium
CN1889081A (en) Data base safety access method and system
CN102263784A (en) SSO (signal sign on) method and system
CN101064611A (en) Application integration method based on register and call control
CN1329418A (en) Method for authenticating network user identity and method for overcoming user password loophole in Kerberous authentication system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20070627

Termination date: 20101217