WO2019095567A1 - Device, method and computer-readable storage medium for single sign-on verification - Google Patents
- Publication number
- WO2019095567A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- login request
- token information
- user data
- single sign
- time
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
- H04L9/3213—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3297—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
Definitions
- the present application relates to the field of computer technologies, and in particular, to a verification apparatus, method, and computer readable storage medium for single sign-on.
- The usual verification scheme is as follows: when the user terminal first logs in to an application system, the server generates unique token information (a token), establishes a mapping relationship between the token information and the login account, and sends the token information to the user terminal. When the user terminal later logs in to another application system, it carries the token information for verification and no longer enters the account, password, and the like, so that the user only needs to log in once to access all trusted applications.
- In this scheme, a database needs to be established on the server side to maintain the account information of a large number of users, the token information assigned to them, and the mapping relationship between the two.
- At each verification, the correspondence between the token information and the user must be queried in the database in order to look up the user information and verify the user's login authority.
- The scheme therefore not only needs to maintain a large amount of data on the server side, but also queries the mapping relationship from the database at every verification, which results in low verification efficiency.
- the present application provides a verification apparatus, method, and computer readable storage medium for single sign-on, the main purpose of which is to reduce the amount of data maintained by the server and improve the verification efficiency of single sign-on.
- The present application provides a verification apparatus for single sign-on, the apparatus comprising a memory and a processor, wherein the memory stores a verification program for single sign-on that can be run on the processor, and the verification program, when executed by the processor, implements the following steps:
- If the login request includes the token information, obtaining the token information and the user data from the login request, and recording the time when the login request is received;
- Decrypting the token information by using a decryption algorithm corresponding to the first preset encryption algorithm and a pre-stored key to obtain user data and a credential creation time included in the token information;
- the present application further provides a verification method for single sign-on, which includes:
- the user data is obtained from the login request, where the user data includes at least user identity information and a service system identifier;
- the current time is used as the voucher creation time, and the pre-stored key is obtained;
- The present application further provides a computer readable storage medium on which a verification program for single sign-on is stored, and the verification program for single sign-on can be executed by one or more processors to implement the following steps:
- If the login request includes the token information, obtaining the token information and the user data from the login request, and recording the time when the login request is received;
- Decrypting the token information by using a decryption algorithm corresponding to the first preset encryption algorithm and a pre-stored key to obtain user data and a credential creation time included in the token information;
- With the verification apparatus, method, and computer readable storage medium for single sign-on provided by the present application, when the login request sent by the user terminal carries the token information, the user data and the token information are obtained from the login request and the time when the login request is received is recorded; the token information is decrypted using the decryption algorithm corresponding to the first preset encryption algorithm and a pre-stored key to obtain the user data and the credential creation time contained therein; the user data included in the login request is compared with the user data included in the token information; and it is determined whether the time difference between the recorded time and the obtained credential creation time is less than a preset threshold.
- The token information carried in the login request for verifying permissions contains the encrypted user data and a credential creation time. After the token information is decrypted, the user data and the credential creation time are obtained, and the user data is compared with the user data included in the login request to verify the validity of the token information.
- The scheme does not need to maintain the mapping relationship between the token information and the user data on the server side, and does not need to look up the corresponding user information through that mapping at every verification, thereby reducing the amount of data that needs to be maintained and improving the efficiency of single sign-on verification.
- FIG. 1 is a schematic diagram of a preferred embodiment of a verification device for single sign-on in the present application
- FIG. 2 is a schematic diagram of a program module of a verification procedure for single sign-on in an embodiment of the verification apparatus for single sign-on in the present application;
- FIG. 3 is a flow chart of a preferred embodiment of a verification method for single sign-on in the present application.
- the application provides a verification device for single sign-on.
- a schematic diagram of a preferred embodiment of a verification apparatus for single sign-on is provided.
- the single sign-on verification device includes at least a memory 11, a processor 12, a communication bus 13, and a network interface 14.
- the memory 11 includes at least one type of readable storage medium including a flash memory, a hard disk, a multimedia card, a card type memory (for example, an SD or DX memory, etc.), a magnetic memory, a magnetic disk, an optical disk, and the like.
- the memory 11 may in some embodiments be an internal storage unit of a single sign-on verification device, such as the hard disk of the single sign-on verification device.
- The memory 11 may also be an external storage device of the single sign-on verification device in other embodiments, such as a plug-in hard disk, a smart memory card (SMC), a Secure Digital (SD) card, or a Flash Card equipped on the single sign-on verification device.
- the memory 11 may also include an internal storage unit of the single sign-on verification device and an external storage device.
- The memory 11 can be used not only for storing application software installed in the single sign-on verification device and various types of data, such as the code of the verification program for single sign-on, but also for temporarily storing data that has been output or will be output.
- The processor 12 may be a Central Processing Unit (CPU), controller, microcontroller, microprocessor, or other data processing chip, and is used for running program code or processing data stored in the memory 11, such as executing the verification program for single sign-on.
- Communication bus 13 is used to implement connection communication between these components.
- the network interface 14 can optionally include a standard wired interface, a wireless interface (such as a WI-FI interface), and is typically used to establish a communication connection between the device and other electronic devices.
- Figure 1 shows only the verification device for single sign-on with components 11-14 and the verification program for single sign-on, but it should be understood that not all of the illustrated components are required, and more or fewer components may be implemented instead.
- The device may further include a user interface. The user interface may include a display and an input unit such as a keyboard, and the optional user interface may further include a standard wired interface and a wireless interface.
- the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch sensor, or the like.
- the display may also be appropriately referred to as a display screen or display unit for displaying information processed in the verification device of the single sign-on and a user interface for displaying the visualization.
- a verification program for single sign-on is stored in the memory 11; when the processor 12 executes the verification program for the single sign-on stored in the memory 11, the following steps are implemented:
- If the login request includes the token information, the token information and the user data are obtained from the login request, and the time when the login request is received is recorded.
- the verification device for single sign-on proposed in this embodiment may be a single sign-on server.
- The login request received by the verification device may be sent directly by the user terminal, or may be redirected to the verification device by the service system after the user terminal sends it to the service system.
- The verification device detects whether the login request contains token information. If it does, the current login of the user terminal is not the first login, and the token information was allocated by the verification device during a previous login.
- The verification device allocates token information to the user terminal as follows: a token is assigned when the user terminal first logs in to the service system, or when the token carried in the login request is detected to be no longer valid.
- Specifically: the user data is obtained from the login request, where the user data includes at least user identity information and a service system identifier; the current time is taken as the credential creation time, and a pre-stored key is acquired; the user data and the credential creation time are encrypted based on the key and the first preset encryption algorithm; and the character string produced by the encryption is taken as the token information and sent to the user terminal.
- the foregoing user data may include, but is not limited to, the following data: user identity information, a service system identifier, a user IP address, a single sign-on server group, an IP address of a host where the agent is located, and the like.
- the above information is obtained from the login request, and the above information is combined, wherein the information is distinguished by "
- The credential creation time is the current time, that is, the time at which the encryption is performed.
- the user data and the credential creation time may be separately encrypted, and then the combined result is further encrypted.
- the step of performing encryption processing on the user data and the credential creation time based on the key and the first preset encryption algorithm includes:
- the first encryption result and the second encryption result are combined into one character string; and the character string is encrypted according to the second preset encryption algorithm.
- the first preset encryption algorithm may be an AES algorithm
- the second preset encryption algorithm may be a BASE64 algorithm. In other embodiments, other encryption algorithms may be selected according to requirements.
- the key used in the above process may be stored by the verification device after acquiring the key from other channels, or the verification device may generate the key according to the following steps:
- SEED encryption processing, wherein the third preset encryption algorithm may be the HMAC_SHA_1 algorithm.
- the specific process of generating a key is as follows:
- PK(V) = HOTP(SEED, V)
- HOTP(K, C) = (HMAC_SHA_1(K', C') & 0x7FFFFFFF) mod 10^d, where K' is the hash data of K and C' is the hash data of C. SEED and V are substituted for K and C respectively in the above formula to calculate HOTP(SEED, V) and HOTP(SEED, V + 1).
- Hashing with the HMAC_SHA_1 algorithm yields a 20-byte value, that is, a 40-digit hexadecimal number; mod is the remainder operation, and taking the remainder modulo 10^d yields a d-digit numeric password.
- HOTP is a one-time password algorithm based on HMAC.
- The HMAC (Hash Message Authentication Code) algorithm uses a hash algorithm to generate a message digest as output, taking a key and a message as input. It can be combined with any iterative hash function, such as SHA (Secure Hash Algorithm), to form the HMAC_SHA_1 algorithm.
- The verification device sends the result of the encryption process to the user terminal as the token information for storage, and the user terminal carries the token information in subsequent login requests, for example those sent to the service system, so that all trusted application systems can be accessed with only one login.
- If the login request includes the token information, the token information and the user data included in the request are obtained, the time when the login request is received is recorded, and the validity of the obtained token information is verified.
- the token information is decrypted using a decryption algorithm corresponding to the first preset encryption algorithm and a pre-stored key to obtain user data and credential creation time included in the token information.
- Decrypting the token information is essentially the inverse of the encryption process, and is performed according to the first preset encryption algorithm and the pre-stored key.
- the preset threshold is a validity period of a token information set at the verification device. When the threshold is exceeded, the token information is considered to be invalid, and the user terminal is required to re-authenticate and re-acquire new token information.
- When the login request sent by the user terminal carries the token information, the user data and the token information are acquired from the login request, and the time when the login request is received is recorded. The token information is decrypted using the decryption algorithm corresponding to the first preset encryption algorithm and the pre-stored key to obtain the user data and the credential creation time contained therein, and the user data included in the login request is compared with the user data included in the token information.
- The token information carried in the login request for verifying permissions contains the encrypted user data and a credential creation time. After the token information is decrypted, the user data and the credential creation time are obtained, and the user data is compared with the user data included in the login request to verify the validity of the token information. The scheme does not need to maintain the mapping relationship between the token information and the user data on the server side, and does not need to look up the corresponding user information through that mapping at every verification, thereby reducing the amount of data that needs to be maintained and improving the verification efficiency of single sign-on.
- The single sign-on verification program may also be divided into one or more modules, which are stored in the memory 11 and executed by one or more processors (the processor 12 in this embodiment) to complete the application.
- A module, as referred to in the present application, is a series of computer program instruction segments capable of performing a specific function, and is used to describe the execution process of the single sign-on verification program in the single sign-on verification device.
- Referring to FIG. 2, a schematic diagram of the program modules of the single sign-on verification program in an embodiment of the verification apparatus for single sign-on of the present application is shown.
- The verification program for single sign-on can be divided into the determining module 10, the obtaining module 20, the decryption module 30, and the verification module 40. By way of example:
- the determining module 10 is configured to: when receiving the login request sent by the user terminal, determine whether the token information is included in the login request;
- the obtaining module 20 is configured to: if the login request includes the token information, obtain the token information and the user data from the login request, and record the time when the login request is received;
- the decryption module 30 is configured to: decrypt the token information by using a decryption algorithm corresponding to the first preset encryption algorithm and a pre-stored key to obtain user data and a credential creation time included in the token information;
- the verification module 40 is configured to: compare the user data included in the login request with the user data included in the token information, and determine whether the time difference between the recorded time and the credential creation time is less than a preset threshold;
- the present application also provides a verification method for single sign-on.
- Referring to FIG. 3, a flowchart of a preferred embodiment of the verification method for single sign-on of the present application is shown.
- the method can be performed by a device that can be implemented by software and/or hardware.
- the verification method of the single sign-on includes:
- Step S10 When receiving the login request sent by the user terminal, determining whether the token information is included in the login request.
- Step S20 If the login request includes token information, the token information and the user data are obtained from the login request, and the time when the login request is received is recorded.
- The verification method for single sign-on proposed in this embodiment is described below with the single sign-on server as the executing entity.
- The login request received by the single sign-on server may be sent directly by the user terminal, or may be redirected to the single sign-on server by the service system after the user terminal sends it to the service system.
- The single sign-on server detects whether the login request contains token information. If it does, the current login of the user terminal is not the first login, and the token information was allocated by the single sign-on server during a previous login.
- The single sign-on server allocates token information to the user terminal as follows: a token is assigned when the user terminal first logs in to the service system, or when the token carried in the login request is detected to be no longer valid.
- Specifically: the user data is obtained from the login request, where the user data includes at least user identity information and a service system identifier; the current time is taken as the credential creation time, and a pre-stored key is acquired; the user data and the credential creation time are encrypted based on the key and the first preset encryption algorithm; and the character string produced by the encryption is taken as the token information and sent to the user terminal.
- the foregoing user data may include, but is not limited to, the following data: user identity information, a service system identifier, a user IP address, a single sign-on server group, an IP address of a host where the agent is located, and the like.
- the above information is obtained from the login request, and the above information is combined, wherein the information is distinguished by "
- The credential creation time is the current time, that is, the time at which the encryption is performed.
- the user data and the credential creation time may be separately encrypted, and then the combined result is further encrypted.
- the step of performing encryption processing on the user data and the credential creation time based on the key and the first preset encryption algorithm includes:
- the first encryption result and the second encryption result are combined into one character string; and the character string is encrypted according to the second preset encryption algorithm.
- the first preset encryption algorithm may be an AES algorithm
- the second preset encryption algorithm may be a BASE64 algorithm. In other embodiments, other encryption algorithms may be selected according to requirements.
- The key used in the above process may be stored by the single sign-on server after it obtains the key from other channels, or the single sign-on server may generate the key according to the following steps:
- SEED encryption processing, wherein the third preset encryption algorithm may be the HMAC_SHA_1 algorithm.
- the specific process of generating a key is as follows:
- PK(V) = HOTP(SEED, V)
- HOTP(K, C) = (HMAC_SHA_1(K', C') & 0x7FFFFFFF) mod 10^d, where K' is the hash data of K and C' is the hash data of C. SEED and V are substituted for K and C respectively in the above formula to calculate HOTP(SEED, V) and HOTP(SEED, V + 1).
- Hashing with the HMAC_SHA_1 algorithm yields a 20-byte value, that is, a 40-digit hexadecimal number; mod is the remainder operation, and taking the remainder modulo 10^d yields a d-digit numeric password.
- HOTP is a one-time password algorithm based on HMAC.
- The HMAC (Hash Message Authentication Code) algorithm uses a hash algorithm to generate a message digest as output, taking a key and a message as input. It can be combined with any iterative hash function, such as SHA (Secure Hash Algorithm), to form the HMAC_SHA_1 algorithm.
- The single sign-on server sends the result of the encryption process to the user terminal as the token for storage, and the user terminal carries the token information in subsequent login requests, for example those sent to the service system, so that all trusted application systems can be accessed with only one login.
- If the login request includes the token information, the token information and the user data included in the request are obtained, the time when the login request is received is recorded, and the validity of the obtained token information is verified.
- Step S30 Decrypt the token information by using a decryption algorithm corresponding to the first preset encryption algorithm and a pre-stored key to obtain user data and a credential creation time included in the token information.
- Step S40 Compare the user data included in the login request with the user data included in the token information, and determine whether the time difference between the recorded time and the credential creation time is less than a preset threshold.
- Step S50 If the user data included in the login request is consistent with the user data included in the token information, and the time difference is less than a preset threshold, it is determined that the verification is passed.
- Step S60 otherwise, it is determined that the verification has failed.
- Decrypting the token information is essentially the inverse of the encryption process, and is performed according to the first preset encryption algorithm and the pre-stored key.
- the preset threshold is a validity period of a token information set by the single sign-on server. If the threshold is exceeded, the token information is considered invalid, and the user terminal needs to re-authenticate and re-acquire new token information.
- In the verification method for single sign-on provided in this embodiment, when the login request sent by the user terminal carries the token information, the user data and the token information are obtained from the login request, and the time when the login request is received is recorded. The token information is decrypted using the decryption algorithm corresponding to the first preset encryption algorithm and the pre-stored key to obtain the user data and the credential creation time contained therein, the user data included in the login request is compared with the user data included in the token information, and it is determined whether the time difference between the recorded time and the obtained credential creation time is less than a preset threshold.
- The token information carried in the login request for verifying permissions contains the encrypted user data and a credential creation time. After the token information is decrypted, the user data and the credential creation time are obtained, and the user data is compared with the user data included in the login request to verify the validity of the token information. The scheme does not need to maintain the mapping relationship between the token information and the user data on the server side, and does not need to look up the corresponding user information through that mapping at every verification, thereby reducing the amount of data that needs to be maintained and improving the verification efficiency of single sign-on.
- The embodiment of the present application further provides a computer readable storage medium on which a verification program for single sign-on is stored, and the verification program for single sign-on can be executed by one or more processors to implement the following steps:
- If the login request includes the token information, obtaining the token information and the user data from the login request, and recording the time when the login request is received;
- Decrypting the token information by using a decryption algorithm corresponding to the first preset encryption algorithm and a pre-stored key to obtain user data and a credential creation time included in the token information;
- The technical solution of the present application, in essence or in the part that contributes over the prior art, may be embodied in the form of a software product stored in a storage medium (such as the ROM/RAM, magnetic disk, or optical disk described above) and including a number of instructions for causing a terminal device (which may be a mobile phone, a computer, a server, a network device, or the like) to perform the methods described in the various embodiments of the present application.
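The token issuance and the verification steps S10 to S60 described above, as an added Go example that is not code from the patent or its applicant. Assumptions, none of which are stated on the page: AES is used in GCM mode so that a modified token fails decryption, user data and creation time are sealed together in one JSON payload rather than encrypted separately, Base64 serves only as the transport encoding, and the names `UserData`, `IssueToken` and `VerifyToken` are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// UserData holds the two fields the text names as the minimum user data.
type UserData struct {
	UserID    string // user identity information
	ServiceID string // service system identifier
}

// payload is the plaintext sealed inside the token (layout is an assumption).
type payload struct {
	User    UserData `json:"u"`
	Created int64    `json:"t"` // credential creation time, Unix seconds
}

var (
	ErrMalformed    = errors.New("token malformed, tampered, or sealed under another key")
	ErrUserMismatch = errors.New("user data in request differs from user data in token")
	ErrExpired      = errors.New("token age is not below the validity threshold")
)

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// IssueToken seals user data and creation time under the pre-stored key and
// returns the Base64 string that is sent to the user terminal.
func IssueToken(key []byte, u UserData, now time.Time) (string, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return "", err
	}
	pt, err := json.Marshal(payload{User: u, Created: now.Unix()})
	if err != nil {
		return "", err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	// Seal appends ciphertext and tag to the nonce: token = nonce||ct||tag.
	return base64.RawURLEncoding.EncodeToString(gcm.Seal(nonce, nonce, pt, nil)), nil
}

// VerifyToken performs steps S30 to S60 with no server-side lookup.
func VerifyToken(key []byte, token string, req UserData, received time.Time, maxAge time.Duration) error {
	gcm, err := newGCM(key)
	if err != nil {
		return err
	}
	raw, err := base64.RawURLEncoding.DecodeString(token)
	if err != nil || len(raw) < gcm.NonceSize() {
		return ErrMalformed
	}
	pt, err := gcm.Open(nil, raw[:gcm.NonceSize()], raw[gcm.NonceSize():], nil)
	if err != nil {
		return ErrMalformed // S30 failed: authentication tag did not verify
	}
	var p payload
	if err := json.Unmarshal(pt, &p); err != nil {
		return ErrMalformed
	}
	if p.User != req { // S40: compare request user data with token user data
		return ErrUserMismatch
	}
	// S40: the time difference must be below the threshold; a creation time in
	// the future (negative age) is also rejected, which is an added safeguard.
	age := received.Sub(time.Unix(p.Created, 0))
	if age < 0 || age >= maxAge {
		return ErrExpired
	}
	return nil // S50: verification passed
}

func main() {
	key := make([]byte, 32) // constructed demo key; a real one comes from protected storage
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	u := UserData{UserID: "alice", ServiceID: "crm"} // constructed sample values
	tok, _ := IssueToken(key, u, time.Now())
	fmt.Println("token:", tok)
	fmt.Println("verify:", VerifyToken(key, tok, u, time.Now(), 30*time.Minute))
}
```

The server keeps only the key and the threshold; every other input to the decision arrives in the request itself.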
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The present invention relates to a single sign-on verification device comprising a memory and a processor. The memory stores a single sign-on verification program that can be run on the processor. When the program is executed by the processor, the following steps are implemented: determining whether a login request sent by a user terminal contains token information; if so, acquiring the token information and user data from the login request, and recording the time at which the login request is received; decrypting the token information using a key, so as to acquire the user data and a credential creation time contained in the token information; if the user data contained in the login request is consistent with the user data contained in the token information, and the time difference between the recorded time and the credential creation time is less than a preset threshold, determining that the verification has passed; otherwise, determining that the verification has failed. The present invention further relates to a single sign-on verification method and a computer-readable storage medium. The present invention reduces the amount of data that must be maintained and improves the efficiency of single sign-on verification.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711131291.8 | 2017-11-15 | | |
| CN201711131291.8A CN108023874B (zh) | 2017-11-15 | 2017-11-15 | Single sign-on verification device, method, and computer-readable storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| WO2019095567A1 (fr) | 2019-05-23 |
Family
ID=62079914
Family Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| PCT/CN2018/076107 Ceased WO2019095567A1 (fr) | 2017-11-15 | 2018-02-10 | Single sign-on verification device, method, and computer-readable storage medium |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN108023874B (fr) |
| WO (1) | WO2019095567A1 (fr) |
Families Citing this family (19)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
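| CN108809991A (zh) * | 2018-06-15 | 2018-11-13 | 北京云枢网络科技有限公司 | Method for verifying client legitimacy based on SDK dynamic watermark |
| CN109190341B (zh) * | 2018-07-26 | 2024-03-15 | 平安科技(深圳)有限公司 | Login management system and method |
| CN109639711A (zh) * | 2018-12-29 | 2019-04-16 | 成都康赛信息技术有限公司 | Distributed CAS authentication method based on private-chain session ID |
| CN109948333A (zh) * | 2019-03-08 | 2019-06-28 | 北京顺丰同城科技有限公司 | Security defense method and device against account attacks |
| CN110191090B (zh) * | 2019-04-25 | 2022-03-18 | 平安科技(深圳)有限公司 | Single sign-on verification method and apparatus, computer device, and storage medium |
| CN110417906A (zh) * | 2019-08-05 | 2019-11-05 | 中国联合网络通信集团有限公司 | Information invocation method and device |
| CN113812125B (zh) * | 2019-08-15 | 2023-10-20 | 奇安信安全技术(珠海)有限公司 | Login behavior verification method and apparatus, system, storage medium, and electronic device |
| CN112836206B (zh) * | 2019-11-22 | 2024-07-09 | 腾讯科技(深圳)有限公司 | Login method and apparatus, storage medium, and computer device |
| CN111061718A (zh) * | 2019-12-19 | 2020-04-24 | 中国建设银行股份有限公司 | Data checking method and device |
| CN111475798A (zh) * | 2020-03-05 | 2020-07-31 | 深圳壹账通智能科技有限公司 | Multi-app single sign-on method, apparatus, device, and storage medium |
| CN112019505A (zh) * | 2020-07-22 | 2020-12-01 | 北京达佳互联信息技术有限公司 | Login method and apparatus, server, electronic device, and storage medium |
| CN114124534A (zh) * | 2021-11-24 | 2022-03-01 | 航天信息股份有限公司 | Data interaction system and method |
| CN115730290A (zh) * | 2021-12-28 | 2023-03-03 | 北京蓝太平洋科技股份有限公司 | Single sign-on method and device |
| CN114338196A (zh) * | 2021-12-30 | 2022-04-12 | 湖南快乐阳光互动娱乐传媒有限公司 | User identity verification method and device |
| CN114363090B (zh) * | 2022-03-02 | 2022-10-25 | 工业互联网创新中心(上海)有限公司 | Implementation method and management system for a single sign-on platform for multi-application systems |
| CN114500097A (zh) * | 2022-03-03 | 2022-05-13 | 中国农业银行股份有限公司四川省分行 | Verification mechanism based on single sign-on for Web systems |
| CN115225354A (zh) * | 2022-07-07 | 2022-10-21 | 通号智慧城市研究设计院有限公司 | Multi-application single sign-on method and apparatus, computer device, and medium |
| CN116488863A (zh) * | 2023-03-14 | 2023-07-25 | 深圳前海百递网络有限公司 | Service data transmission method, computer device, and computer storage medium |
| CN117336102B (zh) * | 2023-11-30 | 2024-03-01 | 北京冠程科技有限公司 | Multi-verification identity authentication system and authentication method thereof |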
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101060520A (zh) * | 2006-04-21 | 2007-10-24 | 盛趣信息技术(上海)有限公司 | Token-based SSO authentication system |
| CN103139200A (zh) * | 2013-01-06 | 2013-06-05 | 深圳市元征科技股份有限公司 | Web service single sign-on method |
| US20140082715A1 (en) * | 2012-09-19 | 2014-03-20 | Secureauth Corporation | Mobile multifactor single-sign-on authentication |
| CN107070880A (zh) * | 2017-02-16 | 2017-08-18 | 济南浪潮高新科技投资发展有限公司 | Single sign-on method and system, and authentication center server |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1323508C (zh) * | 2003-12-17 | 2007-06-27 | 上海市高级人民法院 | Single sign-on method based on digital certificates |
- 2017-11-15: CN application CN201711131291.8A, patent CN108023874B (zh), status Active
- 2018-02-10: WO application PCT/CN2018/076107, patent WO2019095567A1 (fr), status Ceased
Also Published As
| Publication number | Publication date |
|---|---|
| CN108023874B (zh) | 2020-11-03 |
| CN108023874A (zh) | 2018-05-11 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| WO2019095567A1 (fr) | | Single sign-on verification device, method, and computer-readable storage medium |
| CN112671720B (zh) | | Token construction method, apparatus, and device for cloud platform resource access control |
| CN108322469B (zh) | | Information processing system, method, and apparatus |
| US8838961B2 (en) | | Security credential deployment in cloud environment |
| CN107689869B (zh) | | User password management method and server |
| KR102493744B1 (ko) | | Security verification method based on biometric features, client terminal, and server |
| US9646161B2 (en) | | Relational database fingerprinting method and system |
| US8997198B1 (en) | | Techniques for securing a centralized metadata distributed filesystem |
| US8863255B2 (en) | | Security credential deployment in cloud environment |
| US10135824B2 (en) | | Method and system for determining whether a terminal logging into a website is a mobile terminal |
| CN112953707A (zh) | | Key encryption method and decryption method, and data encryption method and decryption method |
| US10382424B2 (en) | | Secret store for OAuth offline tokens |
| KR102422183B1 (ko) | | Enabling access to data |
| US9215064B2 (en) | | Distributing keys for decrypting client data |
| US11757877B1 (en) | | Decentralized application authentication |
| US10176307B2 (en) | | Licensing using a node locked virtual machine |
| WO2021137769A1 (fr) | | Method and display apparatus for sending and verifying a request, and associated device |
| WO2021141623A1 (fr) | | Initializing a data storage device with a manager device |
| WO2019148717A1 (fr) | | Device and method for verifying request validity, and computer-readable storage medium |
| CN111241492A (zh) | | Product multi-tenant secure trust authorization method, system, and electronic device |
| JP2022534677A (ja) | | Protection of online applications and web pages using blockchain |
| CN112307515A (zh) | | Database-based data processing method and apparatus, electronic device, and medium |
| CN110071937B (zh) | | Blockchain-based login method, system, and storage medium |
| WO2013170822A2 (fr) | | Method and device for processing a password for logging in to a server |
| CN119135428A (zh) | | Distributed authorization and authentication method based on target server and terminal |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 18877986 Country of ref document: EP Kind code of ref document: A1 |
| | NENP | Non-entry into the national phase | Ref country code: DE |
| | 32PN | Ep: public notification in the ep bulletin as address of the addressee cannot be established | Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC, EPO FORM 1205A DATED 13.08.2020. |
| | 122 | Ep: pct application non-entry in european phase | Ref document number: 18877986 Country of ref document: EP Kind code of ref document: A1 |