TW201824887A - System for using authentication server to implement free login in server group and method thereof - Google Patents

System for using authentication server to implement free login in server group and method thereof


Publication number
TW201824887A
Authority
TW
Taiwan
Prior art keywords
client
authentication
server
service
authentication server
Prior art date
Application number
TW105143359A
Other languages
Chinese (zh)
Inventor
陳龍
Original Assignee
英業達股份有限公司
Priority date
Filing date
Publication date
Application filed by 英業達股份有限公司
Priority to TW105143359A priority Critical patent/TW201824887A/en
Publication of TW201824887A publication Critical patent/TW201824887A/en


Abstract

A system and method for using an authentication server to implement login-free access in a server group are provided. When a client connects to a business server, the business server connects to an authentication server to query whether the client has been authenticated. If the client has been authenticated, the business server serves the client; if not, the business server redirects the client to the authentication server to complete authentication, and the authentication server then redirects the client back to the business server so that the client reconnects to it. The system and method thereby reduce the complexity and load of single sign-on and improve authentication efficiency.

Description

System and method for implementing login-free access in a server group with an authentication server

A system and method for single sign-on across multiple servers, and in particular a system and method for implementing login-free access in a server group with an authentication server.

Single sign-on (SSO) is a mechanism that makes it convenient for users to access multiple servers: a user authenticates once on one server and can then move freely among the other servers without entering authentication data again.

The single sign-on mechanism removes the tedious logins otherwise needed when connecting to different servers. It saves input time in particular on devices such as smartphones or tablets, where key input is inconvenient, and so improves work efficiency. Single sign-on is not easy to implement, however, and the implementations currently offered by vendors differ. Some vendors record the user's authentication information in cookies so that the servers can share it, while others use session-sharing technology to let the servers share authentication information and thereby achieve single sign-on.

However, although both of these ways of implementing single sign-on can now be called mature products, each has shortcomings. A cookie is a client-side mechanism. What it records mainly comprises a name, a value, an expiration time, a path and a domain; the path and the domain together constitute the cookie's scope, so cookies can be used to implement single sign-on only within the same scope (domain). A session is a server-side mechanism. When a client accesses a server, the server creates a unique session identifier (Session Identification, SSID) for the client; afterwards, while transferring data, the client and the server keep sending signals that maintain the state of the session identifier so that it remains valid. Session-based single sign-on can therefore span different domains, but the technique is more complex and the server needs additional resources to record and process client data, so session-based single sign-on increases both the burden of developing the server and the server's load at run time.

In summary, the prior art has long suffered from the problem that current single sign-on techniques are complex to develop and impose a heavy run-time load, so an improved technical means is needed to solve this problem.

In view of the problem in the prior art that single sign-on techniques are complex to develop and impose a heavy run-time load, the present invention discloses a system and method for implementing login-free access in a server group with an authentication server, wherein:

The system disclosed by the present invention for implementing login-free access in a server group with an authentication server comprises at least: a client; an authentication server, used to determine whether the client has been authenticated; and a business server, used to receive a request target transmitted by the client and to connect to the authentication server to query whether the client has been authenticated. When the client has not been authenticated, the business server redirects the client to connect to the authentication server; when the client has been authenticated, the business server provides the client with the service corresponding to the request target. After being redirected to the authentication server, the client further transmits authentication data to the authentication server, and once the authentication server determines from the authentication data that the client has passed authentication, it redirects the client to connect to the business server.

The method disclosed by the present invention for implementing login-free access in a server group with an authentication server comprises at least the following steps: the client transmits a request target to the business server; the business server connects to the authentication server to query whether the client has been authenticated; when the client has not been authenticated, the business server redirects the client to connect to the authentication server; the client transmits authentication data to the authentication server; after determining from the authentication data that the client has passed authentication, the authentication server redirects the client to connect to the business server; when the client has been authenticated, the business server provides the client with the service corresponding to the request target.

The system and method disclosed by the present invention are as described above. They differ from the prior art in that, when the client connects to the business server, the business server connects to the authentication server to query whether the client has been authenticated. If so, the business server serves the client. If not, the business server redirects the client to the authentication server to complete authentication, and the authentication server redirects the client back to the business server so that the client reconnects to it. This solves the problem of the prior art and achieves the technical effect of improving authentication efficiency.

The features and embodiments of the present invention are described in detail below with reference to the drawings and an embodiment, in sufficient detail that anyone skilled in the relevant art can readily and fully understand the technical means the invention applies to solve the technical problem, implement it accordingly, and thereby achieve the effects the invention can attain.

When a client requests service from several different business servers, the present invention lets each business server connect to the authentication server, using the identification data contained in the request transmitted by the client, to determine whether the client has already completed login on the authentication server. The client therefore needs to log in only when it connects to the first business server and does not need to log in again to the other business servers it connects to afterwards.

The operation of the system is first described with reference to FIG. 1, the architecture diagram of the system for implementing login-free access in a server group with an authentication server. As shown in FIG. 1, the system of the present invention comprises a client 110, an authentication server 120 and a business server 130.

Client 110 has identification data. The identification data of client 110 is data that can distinguish different clients 110, usually an arbitrary arrangement of any number of characters such as letters, digits or symbols. It includes, but is not limited to, the network address of client 110, the MAC address of client 110, the serial number of client 110, the serial number of a hardware component installed in client 110, an identifier that authentication server 120 provides to client 110, and the account with which client 110 logs in to authentication server 120.

Client 110 is responsible for transmitting a request target to business server 130 and for receiving the service result, corresponding to the request target, that business server 130 transmits. In general, the request target transmitted by client 110 contains the identification data of client 110 and the path of the target (for example a web page or a file) that client 110 wants to download.

When business server 130 redirects it to authentication server 120, client 110 is also responsible for connecting to authentication server 120 according to the redirect message provided by business server 130, and afterwards for transmitting authentication data to authentication server 120. The authentication data referred to in the present invention is data that can identify the user of client 110, including but not limited to an account and password, a digital signature, and the like.

In addition, when authentication server 120 redirects it to business server 130, client 110 is responsible for connecting to business server 130 again according to the redirect message provided by authentication server 120. At the same time it can again transmit to business server 130 the path of the target to download that it originally transmitted to business server 130, in order to obtain the service of business server 130.

Authentication server 120 is responsible for receiving the query request transmitted by business server 130 and for determining from the received query request whether client 110 has been authenticated. Authentication server 120 is also responsible for generating a response message corresponding to the result of that determination and for returning the response message to the business server 130 that issued the query request. The response message generated by authentication server 120 can indicate either that client 110 has been authenticated or that client 110 has not been authenticated.

In general, when client 110 passes authentication, authentication server 120 can record the identification data of client 110 in an authenticated client list, and after receiving a query request it can search the authenticated client list for the identification data of client 110 contained in the query request. When authentication server 120 finds the identification data of client 110 in the authenticated client list, it can determine that client 110 has been authenticated; if it cannot find the identification data of client 110 in the authenticated client list, it can determine that client 110 has not been authenticated. The present invention does not limit how authentication server 120 stores the authenticated client list. For example, authentication server 120 can record the list in a file, in memory, or in a table in a database.

In addition to searching the authenticated client list for the identification data of client 110, authentication server 120 can, after finding the identification data in the list, further determine whether client 110 has been authenticated according to whether the identification data has been recorded in the authenticated client list for longer than a validity period, and generate a response message indicating that client 110 has or has not been authenticated accordingly. That is, authentication server 120 can first determine whether the authenticated client list contains the identification data of client 110. If it does, authentication server 120 goes on to determine, from the time data stored with the identification data in the list, whether the recorded identification data has exceeded the validity period. If it has not, authentication server 120 can generate a response message indicating that client 110 has passed verification. If the authenticated client list does not contain the identification data of client 110, or the recorded identification data has exceeded the validity period, authentication server 120 can generate a response message indicating that client 110 has not passed verification. The way in which authentication server 120 determines whether client 110 has passed verification is not limited to the above.

Authentication server 120 is also responsible for redirecting client 110 back to the business server 130 that redirected client 110 to authentication server 120, so that client 110 reconnects to the business server 130 it was originally connected to. Authentication server 120 can generate a redirect message and transmit it to client 110, so that client 110, following the redirect message provided by authentication server 120, connects again to the business server 130 to which it originally transmitted the request target.

Business server 130 is responsible for receiving the request target transmitted by client 110. On receiving it, business server 130 connects to authentication server 120 to query whether the client 110 that issued the request target has been authenticated, and receives the response message returned by authentication server 120. When the response message indicates that the client 110 that issued the request target has been authenticated, business server 130 can provide client 110 with the service corresponding to the request target and return the service result. When the response message indicates that the client 110 that issued the request target has not been authenticated, business server 130 can redirect client 110 to connect to authentication server 120 for authentication. Business server 130 can generate a redirect message and transmit it to client 110, so that client 110 connects to authentication server 120 according to the redirect message provided by business server 130.

In addition, after authentication server 120 has redirected client 110 to business server 130 and client 110 has connected to business server 130 again, business server 130 can connect to authentication server 120 again to query whether the client 110 that was redirected to business server 130 by authentication server 120 has been authenticated.

The operation of the system and method is next explained with an embodiment; refer to FIG. 2, the flowchart of the method for implementing login-free access in a server group with an authentication server. In this embodiment client 110 is assumed to be a smartphone, but the present invention is not limited to this; client 110 can also be a tablet computer, a notebook computer, or the like.

When client 110 connects to business server 130 and issues a request target to request service from business server 130 (step 210), and business server 130 is a server in a server group that uses the present invention, business server 130 can connect to authentication server 120 to query whether client 110 has been authenticated (step 220). In this embodiment the identification data of client 110 is assumed to be its network address. Business server 130 can obtain the identification data of client 110 from the packet, transmitted by client 110, that contains the request target, generate a query request containing that identification data, and transmit the query request to authentication server 120. After receiving the query request transmitted by business server 130, authentication server 120 can search the whitelist (the authenticated client list) that it manages for the identification data of client 110 contained in the query request, and generate a response message according to the search result. If authentication server 120 finds the identification data of client 110 contained in the query request in the whitelist, it can generate a response message indicating that client 110 has been authenticated; if it cannot find that identification data in the whitelist, it can generate a response message indicating that client 110 has not been authenticated.

Authentication server 120 can then transmit the generated response message to the business server 130 that issued the query request, and business server 130 can determine from that response message whether the client 110 that issued the request target has been authenticated.

If the result of the query by business server 130 indicates that the client 110 that issued the request target has been authenticated, that is, the response message received by business server 130 indicates that the client 110 that issued the request target has been authenticated, business server 130 can provide client 110 with the service corresponding to the request target issued by client 110 (step 290).

In this embodiment, if client 110 is connecting for the first time to the server group to which business server 130 belongs, the result of the query by business server 130 will indicate that client 110 has not been authenticated, that is, the response message received by business server 130 indicates that the client 110 that issued the request target has not been authenticated, and business server 130 can redirect client 110 to authentication server 120 (step 240).

When business server 130 redirects client 110 to authentication server 120, client 110 can connect to authentication server 120 according to the redirect message generated by business server 130, and at the same time transmit to the authentication server the path of the target that it originally requested from business server 130. After connecting with client 110, authentication server 120 can store that path and transmit to client 110 a request to provide authentication data. After receiving this request, client 110 can transmit the authentication data to authentication server 120 (step 250). In this embodiment it is assumed that authentication server 120 transmits a form for entering an account and password to client 110, and that client 110 transmits the account and password of its user to authentication server 120.

After receiving the authentication data transmitted by client 110, authentication server 120 can determine from that data whether client 110 passes authentication (step 260). In this embodiment the authentication data received by authentication server 120 is assumed to be an account and password, so authentication server 120 can compare its pre-stored account data with the received authentication data. If the account data and the authentication data do not match, authentication server 120 can determine that client 110 has not passed authentication. It can then ask the client 110 that failed authentication to provide authentication data again, or it can refuse or drop the connection of that client 110 and stop providing it with the authentication service.

If the account data and the authentication data match, authentication server 120 can determine that client 110 has passed authentication and write the identification data of the authenticated client 110 into the whitelist it manages. Authentication server 120 can also redirect the authenticated client 110 to the business server 130 that redirected client 110 to authentication server 120 (step 280). In this embodiment, authentication server 120 can generate a redirect message containing the previously stored path of the target that client 110 originally requested from business server 130 and transmit it to the authenticated client 110, so that client 110, following the redirect message provided by authentication server 120, connects to the business server 130 to which it originally transmitted the request target.

When client 110 is redirected to business server 130 and connects to it, client 110 can also, according to the redirect message provided by authentication server 120, again transmit to business server 130 the request target it originally transmitted. After connecting with client 110, that is, after receiving the request target that client 110 has transmitted again, business server 130 can directly provide client 110 with the service corresponding to the request target and return the service result (step 290). In this embodiment it is assumed that the redirect message that authentication server 120 provides to the client contains a message that client 110 has been authenticated, so that after client 110 connects to business server 130 according to that redirect message, business server 130 can obtain the message that client 110 has been authenticated and can provide client 110 with the corresponding service according to the request target contained in the redirect message.

In fact, after receiving the request target that client 110 has transmitted again, business server 130 can also connect to authentication server 120 again to query whether client 110 has been authenticated (step 220). In this embodiment, because client 110 has already passed authentication, authentication server 120 can find the identification data of client 110 in the whitelist and can generate a response message indicating that client 110 has been authenticated and return it to business server 130, so that business server 130 determines that client 110 has been authenticated and provides client 110 with the service corresponding to the request target transmitted by client 110 (step 290).

Afterwards, when client 110 connects to business server 131 and issues another request target to request service from business server 131 (step 210), and business server 131 belongs to the same server group as business server 130, then once business server 131 connects to authentication server 120 to query whether client 110 has been authenticated (step 220), authentication server 120 can find the identification data of client 110 in the whitelist. Authentication server 120 can then generate a response message indicating that client 110 has been authenticated and return it to business server 130. After receiving the response message indicating that client 110 has been authenticated, business server 130 can provide client 110 with the service corresponding to the request target transmitted by client 110 (step 290).

Thus, with the present invention, when the client 110 connects to different service servers 130/131 in the same server group, authentication is needed only once, on the first connection to a service server 130/131; afterwards no login operation is needed when connecting to a different service server. The present invention also reduces the time and labor cost of developing a login function for the service servers 130/131. Although the present invention authenticates only by the easily obtained identification data of the client 110 and is not as rigorous as existing single sign-on solutions, when the client 110 requests a particular service from a service server 130/131, the service server 130/131 only needs the authentication server 120 to search the authenticated client list (whitelist) for the identification data of the client 110. This gives higher authentication efficiency than existing single sign-on solutions and reduces the complexity of authentication, so the user operating the client 110 can reach the desired content faster and more conveniently. In other words, in a service environment that does not require particular rigor, such as inside an enterprise, the present invention offers a better user experience than existing single sign-on solutions.

In the above embodiment, when the service server 130 or the service server 131 connects to the authentication server 120 to query whether the client 110 has passed authentication (step 220), the authentication server 120 generates a response message indicating that the client 110 has not passed authentication when the identification data of the client 110 is not recorded in the whitelist it manages. In addition, if the identification data of the client 110 is recorded in the whitelist managed by the authentication server 120, the authentication server 120 can further determine whether the time for which the identification data of the client 110 has been recorded in the whitelist has exceeded the validity period. To make this determination, the authentication server 120 can calculate whether the difference between the time recorded in the whitelist together with the identification data of the client 110 and the current time exceeds a predetermined value, or it can compare whether the time recorded in the whitelist together with the identification data of the client 110 is earlier than the current time.

When the difference between the time recorded in the whitelist together with the identification data of the client 110 and the current time exceeds the predetermined value, or the time recorded in the whitelist together with the identification data of the client 110 is earlier than the current time, the identification data of the client 110 has been recorded in the whitelist for longer than the validity period. The authentication server 120 can then generate a response message indicating that the client 110 has not passed authentication, so that the service server 130 / service server 131 can determine that the client 110 has not passed authentication. When the difference between the time recorded in the whitelist together with the identification data of the client 110 and the current time does not exceed the predetermined value, or the time recorded in the whitelist together with the identification data of the client 110 is not earlier than the current time, the identification data of the client 110 has not yet been recorded in the whitelist for longer than the validity period. The authentication server 120 can then generate a response message indicating that the client 110 has passed authentication, so that the service server 130 / service server 131 can determine that the client 110 has passed authentication.
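The whitelist lookup and its two validity checks described above, as an added example that is not part of the patent text. The class, function and mode names, the `client-110` identifier and the 600-second validity period are constructed for illustration; identification data is treated as an opaque string.

```python
import time
from typing import Callable, Dict

PASSED = "passed"          # response message: client has passed authentication
NOT_PASSED = "not_passed"  # response message: client has not passed authentication


class AuthServer:
    """Constructed stand-in for authentication server 120; all names are hypothetical."""

    def __init__(self, validity: float, mode: str = "age",
                 clock: Callable[[], float] = time.time):
        if mode not in ("age", "deadline"):
            raise ValueError("mode must be 'age' or 'deadline'")
        self.validity = validity   # validity period in seconds (the predetermined value)
        self.mode = mode
        self.clock = clock         # injectable so expiry can be tested without sleeping
        self.whitelist: Dict[str, float] = {}  # identification data -> recorded time

    def record(self, client_id: str) -> None:
        """After the client passes authentication: add it to the whitelist."""
        now = self.clock()
        # "age" stores when the entry was made; "deadline" stores when it stops being valid.
        self.whitelist[client_id] = now if self.mode == "age" else now + self.validity

    def query(self, client_id: str) -> str:
        """Step 220: build the response message for a service server's query."""
        recorded = self.whitelist.get(client_id)
        if recorded is None:
            return NOT_PASSED                  # identification data not in the whitelist
        now = self.clock()
        if self.mode == "age":
            expired = (now - recorded) > self.validity  # time difference exceeds the value
        else:
            expired = recorded < now           # recorded time is earlier than current time
        return NOT_PASSED if expired else PASSED


def service_server_decision(auth: AuthServer, client_id: str) -> str:
    """Service server 130/131: serve (step 290) or redirect to the auth server (step 240)."""
    return "serve" if auth.query(client_id) == PASSED else "redirect"


def timeline(mode: str) -> list:
    """Replay one constructed session against a fake clock and collect the decisions."""
    t = [1000.0]
    auth = AuthServer(validity=600.0, mode=mode, clock=lambda: t[0])
    out = [service_server_decision(auth, "client-110")]   # never authenticated
    auth.record("client-110")                             # authentication succeeded
    for now in (1000.0, 1600.0, 1600.5):                  # fresh, at the limit, just past it
        t[0] = now
        out.append(service_server_decision(auth, "client-110"))
    return out


if __name__ == "__main__":
    for m in ("age", "deadline"):
        print(m, timeline(m))
```

Both modes treat an entry that sits exactly at the limit as still valid, following the "exceeds" and "earlier than" wording of the description, and an unknown or expired entry always yields the not-passed response.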

In summary, the difference between the present invention and the prior art lies in the following technical means: when a client connects to a service server, the service server connects to the authentication server to query whether the client has passed authentication; if so, the service server serves the client; if not, the service server redirects the client to the authentication server to complete authentication, and the authentication server redirects the client back to the service server so that the client reconnects to the service server. This technical means solves the prior-art problem that single sign-on technology is complex to develop and imposes a heavy operating load, and thereby achieves the technical effect of improving authentication efficiency.

Furthermore, the method of the present invention for using an authentication server to implement login-free access in a server group can be implemented in hardware, software, or a combination of hardware and software.

Although the embodiments of the present invention are disclosed above, the content described is not intended to directly limit the scope of patent protection of the present invention. Any minor changes or refinements to the form and details of implementation made by a person of ordinary skill in the art to which the invention pertains, without departing from the spirit and scope disclosed by the invention, fall within the scope of patent protection of the present invention. The scope of patent protection of the present invention remains as defined by the appended claims.

110‧‧‧Client

120‧‧‧Authentication server

130, 131‧‧‧Service server

Step 210‧‧‧The client transmits a request target to the service server

Step 220‧‧‧The service server connects to the authentication server to query whether the client has passed authentication

Step 240‧‧‧The service server redirects the client to connect to the authentication server

Step 250‧‧‧The client transmits authentication data to the authentication server

Step 260‧‧‧The authentication server determines, according to the authentication data, whether the client passes authentication

Step 280‧‧‧The authentication server redirects the client to connect to the service server

Step 290‧‧‧The service server provides the client with the service corresponding to the request target

FIG. 1 is a system architecture diagram of the system of the present invention for using an authentication server to implement login-free access in a server group.

FIG. 2 is a flowchart of the method of the present invention for using an authentication server to implement login-free access in a server group.

Claims (10)

1. A method for using an authentication server to implement login-free access in a server group, the method comprising at least the following steps: a client transmitting a request target to a service server; the service server connecting to an authentication server to query whether the client has passed authentication; when the client has not passed authentication, the service server redirecting the client to connect to the authentication server; the client transmitting authentication data to the authentication server; the authentication server, after determining according to the authentication data that the client has passed authentication, redirecting the client to connect to the service server; and when the client has passed authentication, the service server providing the client with a service corresponding to the request target.

2. The method for using an authentication server to implement login-free access in a server group as described in claim 1, wherein the step of the service server connecting to an authentication server to query whether the client has passed authentication further comprises a step of the authentication server generating a corresponding response message according to whether identification data of the client is recorded in an authenticated client list, and transmitting the response message to the service server.

3. The method for using an authentication server to implement login-free access in a server group as described in claim 2, wherein the step of the authentication server generating the corresponding response message according to whether the identification data of the client is recorded in the authenticated client list further comprises, after the authentication server determines that the identification data of the client has been recorded in the authenticated client list, generating the response message according to whether the identification data of the client has been recorded in the authenticated client list for longer than a validity period.

4. The method for using an authentication server to implement login-free access in a server group as described in claim 1, wherein, after the step of the authentication server determining according to the authentication data that the client has passed authentication, the method further comprises a step of the authentication server recording identification data of the client in an authenticated client list.

5. The method for using an authentication server to implement login-free access in a server group as described in claim 1, wherein, after the step of the authentication server redirecting the client to connect to the service server, the method further comprises a step of the service server connecting to the authentication server again to query whether the client has passed authentication.

6. A system for using an authentication server to implement login-free access in a server group, the system comprising at least: a client; an authentication server configured to determine whether the client has passed authentication; and a service server configured to receive a request target transmitted by the client and to connect to the authentication server to query whether the client has passed authentication, wherein when the client has not passed authentication the service server redirects the client to connect to the authentication server, and when the client has passed authentication the service server provides the client with a service corresponding to the request target; wherein the client is further configured to transmit authentication data to the authentication server after being redirected to the authentication server, so that the authentication server, after determining according to the authentication data that the client has passed authentication, redirects the client to connect to the service server.

7. The system for using an authentication server to implement login-free access in a server group as described in claim 6, wherein the authentication server determines whether the client has passed authentication according to whether identification data of the client is recorded in an authenticated client list, generates a corresponding response message, and transmits the response message to the service server.

8. The system for using an authentication server to implement login-free access in a server group as described in claim 7, wherein the authentication server is further configured to determine whether the client has passed authentication according to whether the identification data of the client has been recorded in the authenticated client list for longer than a validity period, and to generate the response message.

9. The system for using an authentication server to implement login-free access in a server group as described in claim 6, wherein the authentication server is further configured to record identification data of the client in an authenticated client list.

10. The system for using an authentication server to implement login-free access in a server group as described in claim 6, wherein the service server is further configured to connect to the authentication server again to query whether the client has passed authentication after the client redirected by the authentication server connects to the service server.

TW105143359A 2016-12-27 2016-12-27 System for using authentication server to implement free login in server group and method thereof TW201824887A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW105143359A TW201824887A (en) 2016-12-27 2016-12-27 System for using authentication server to implement free login in server group and method thereof


Publications (1)

Publication Number Publication Date
TW201824887A (en) 2018-07-01


Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111327573A (en) * 2018-12-14 2020-06-23 英业达科技有限公司 Device and method for maintaining log-in state record to transfer data

