CN102655494B - SAML (Security Assertion Markup Language)-based authentication platform designed in single log-in mode - Google Patents

Publication number
CN102655494B
Authority
CN
China
Prior art keywords
bill
user
authentication
login
module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201110048432.6A
Other languages
Chinese (zh)
Other versions
CN102655494A (en)
Inventor
温文全
李伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Telefonaktiebolaget LM Ericsson AB
Original Assignee
Telefonaktiebolaget LM Ericsson AB
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Telefonaktiebolaget LM Ericsson AB
Priority to CN201110048432.6A
Publication of CN102655494A
Application granted
Publication of CN102655494B

Landscapes

  • Storage Device Security (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a SAML (Security Assertion Markup Language)-based authentication platform designed for single sign-on. The SAML authentication platform consists of a login module and an authentication module. The login module uses two SAML-format tickets based on the SAML 2.0 protocol, namely a single sign-on ticket and a request ticket for obtaining the single sign-on ticket; the authentication module uses either the SSL (Secure Sockets Layer) handshake protocol or PKI (Public Key Infrastructure) digital signature certificate authentication. The invention achieves unified authentication across all application platforms and thereby single sign-on for users. No re-authentication is required within the validity period of the user's identity, and the user does not need to memorize usernames and passwords for multiple platforms. This removes the tedious operation of entering usernames and passwords many times, achieves the goal of logging in once and accessing everywhere, improves users' working efficiency, shortens operating time, reduces the complexity of user management and improves the user experience.

Description

An authentication platform based on a SAML single sign-on design
Technical field
The present invention relates to authentication platforms designed for single sign-on, and more particularly to an authentication platform based on a SAML single sign-on design.
Background art
With the widespread use of information and network technology in enterprises, many enterprises run a variety of application and business systems, such as OA systems, CRM customer management systems and financial systems. The functions and services these application systems provide bring users many benefits. However, each business platform has its own independent authentication mechanism. User information is not centrally managed, which leads to duplicate entry of user information and confused administration. Users must remember the account names and passwords of multiple business platforms and repeatedly enter a username and password when logging in to different application platforms. This is a great inconvenience to users, reduces the efficiency with which the systems are used and seriously harms the user experience.
Summary of the invention
The object of the invention is to improve the user experience and the efficiency with which the systems are used by performing unified authentication and authorization across all application platforms, thereby achieving single sign-on for users. Within the validity period of the user's identity credential no further authentication is needed; the user need not remember account names and passwords for multiple platforms, and the tedious operation of repeatedly entering usernames and passwords is eliminated, achieving the goal of "log in once, access everywhere".
To this end, the invention proposes a single sign-on system: a unified identity authentication platform planned and built according to the needs of enterprise business systems, which provides enterprise users with unified identity authentication and comprehensive security services across all business systems, so as to realize information exchange and resource sharing between platforms. It provides users with diversified services while eliminating repeated logins, achieving the goal of logging in once and accessing everywhere. Authorization and authentication are unified among the trusted platforms: the user enters an account and password only once and can then access every platform within the validity period of the identity credential. Information transmitted between the authentication center and the website platforms is protected by digital-signature encryption, and network transmission between the user and the platforms is protected by SSL encryption.
The unified authentication platform has the following functions:
Unified authorization --- the authentication platform issues digital signatures to users in a unified manner, which serve as the user's credential for accessing the platform and each application system, and authorizes the user's permissions for accessing application systems.
Authentication interface --- a complete authentication interface lets the various application systems conveniently use the local authentication system through the interface to authenticate user identities in a unified way.
Identity authentication --- when accessing the platform and each application system, the user proves his or her identity with the same credential (i.e. the user's account and password).
Single sign-on --- after being authenticated by the platform, the user can directly access every authorized application system; identity authentication is shared among different application systems, achieving single sign-on across multiple application systems.
Data sharing --- the authentication platform stores users' basic information, and all application systems can make full use of it, reducing duplicate entry of user information.
Secure channels --- the platform provides two kinds of secure channel: an application-layer secure channel and a network-layer secure channel. They provide secure transmission channels between applications and protect the data transmitted over them.
To achieve the above object, the invention adopts the following technical solution:
An authentication platform based on a SAML single sign-on design, implemented jointly by two modules, a login module and an authentication module, wherein the login module uses two SAML-format tickets based on the SAML 2.0 protocol, namely a single sign-on ticket and a request ticket for obtaining the single sign-on ticket, and the authentication module uses the SSL handshake protocol or PKI digital signature certificate authentication.
The beneficial effects of the invention are that it improves users' working efficiency, reduces operating time, reduces the complexity of user management and effectively improves the user experience.
Brief description of the drawings
Fig. 1 is a flow chart of applying for a request ticket;
Fig. 2 is a flow chart of verifying the login ticket;
Fig. 3 is a flow chart of the login process;
Fig. 4 is a flow chart of the logout process;
Fig. 5 is a flow chart of signing and verifying data transmitted from a business platform to the authentication center;
Fig. 6 is a flow chart of signing and verifying data transmitted from the authentication center to a business platform.
Detailed description
The invention is explained in further detail below with reference to the drawings and embodiments.
The unified authentication platform performs user ticket generation, session management, identity authentication, ticket lookup, log management, encryption algorithms, single sign-on and logout; these functions are all carried out jointly by two modules, the login module and the authentication module.
The login module decides whether a user may log in and which resources the user may access. It securely manages user identifiers and automatically submits the correct ID to the business platform so that the platform's functions can be carried out. It simplifies the end user's login process, completes authentication of the user's ticket by introducing technologies such as digital certificates or digital signatures, reduces the workload of managing passwords and similar information, and strengthens the security of the overall application.
The login module consists of several main functions: session management, ticket management and log management.
Session management:
Login session information management provides session management for user access and stores the information needed while a logged-in user is using the applications. It ensures that every logged-in user has exactly one corresponding session, and uses the shared-session function to achieve single sign-on: the user does not need to log in again when accessing other trusted platforms.
Ticket management:
Ticket management is responsible for generating tickets for logged-in users and for revoking them. After the user's identity has been verified by the authentication module, the authentication module returns the result to the login module; on receiving the result, the system issues the user the corresponding ticket, and with this ticket the user can enter the target business platform. After the user logs out, the ticket becomes invalid as well, so that it cannot be used to re-enter the system, which protects the security of the system.
The unified authentication platform uses two SAML-format tickets based on the SAML 2.0 protocol: the single sign-on ticket and the request ticket used to obtain the single sign-on ticket. The user logs in through the authentication platform; after the user information has been entered, ticket content conforming to the SAML 2.0 format is generated from the entered user information and other control information, and is signed. For security reasons the user signature should not be transmitted in plaintext; a key algorithm should be used to encrypt and sign the ticket. The single sign-on platform uses two SAML 2.0 format tickets:
SSO Ticket --- single sign-on ticket
Ticket Granting Ticket --- request ticket for obtaining the single sign-on ticket
The single sign-on ticket has a component that records user information, so that after logging in once the user can access the various application systems without verifying his or her information again. That is, it meets the needs of different users in different application systems and, where security requirements can be met, the user's identity information is verified through the ticket.
Considering the completeness of the stored authentication information and the convenience of storage and processing, the single sign-on ticket should be standardized. In this system the single sign-on ticket is based on the SAML 2.0 standard and is extended according to the group's own needs. The specific requirements are as follows:
It is a data structure with an attached signature;
It contains data such as user identity information, validity period, IP address information, attribute information and main authentication information;
It contains a ticket validity period, to prevent the ticket from being misused;
The signature information guarantees that the ticket cannot be modified and provides non-repudiation;
Communication is encrypted and the session data is carried inside the encrypted ticket, to prevent the ticket from being misused.
When a user needs to access application platform A and is found not to be logged in, the user is redirected to the authentication center to log in. The authentication center first obtains a single sign-on request ticket through the single sign-on session data application function. This function obtains the request ticket from items in the user's request message such as the UID, the application platform URL and the request time.
After the authentication platform has authenticated the user, it checks the legitimacy of the ticket information; it takes the time from the request packet and compares it with the local time, to prevent an expired request packet from being resent; it checks the relevant records in the database, and only then generates the corresponding request ticket information, stores it in the authentication center's session table, and returns the request ticket to the user.
As shown in Fig. 1, the flow of applying for a request ticket is as follows:
1. The user enters information such as account, password, graphical verification code or SMS verification code and submits it to the unified authentication center for processing.
2. The login module checks the format of the information submitted by the user.
3. The login module sends an authentication request to the authentication module, which authenticates the user information.
4. When the authentication module has finished authenticating, it returns the authentication result to the login module.
5. The login module generates a request ticket based on the successful authentication result returned by the authentication module.
After verifying the legitimacy of the digitally signed and encrypted ticket, the unified authentication center resets the validity of the corresponding data in the single sign-on session table, returns the check result and generates the login ticket, completing the whole single sign-on flow.
The flow of verifying the login ticket is as follows:
1. Business platform A sends a request to the unified authentication center platform, carrying the query credential (the request ticket).
2. After the legitimacy of the request ticket has been verified, the login ticket is returned to business platform A.
3. Business platform A verifies the encrypted user identity ticket and the session data.
4. Single sign-on is complete once verification succeeds.
The single sign-on authentication system provides authentication services for each business platform. The following describes the processing flows between the related systems when a user accesses the business platforms, including the user login flow and the user logout flow. The general idea of the single sign-on flow implemented across the business platforms is: "after logging in successfully at the authentication center, the user can freely access the other trusted business platforms. When the user logs out, the authentication center notifies each business platform to log the user out".
After a successful login, the user's information is stored in the single sign-on session of the authentication center's login service module. The login service generates a query credential for the user, and the login service module redirects (SAML-AuthnResponse) through the browser to the corresponding business platform.
As shown in Fig. 3, the login process is:
1. The user accesses website A, is found not to be logged in, and is redirected to the unified authentication center.
2. After the user submits the relevant information, the authentication center authenticates the user's information and generates a request ticket.
3. The authentication center returns the generated request ticket to website A.
4. Using the user's query credential, website A sends the unified authentication center a request to retrieve the login ticket.
5. The unified authentication center generates the login ticket based on the user's ticket-application credential and returns the login ticket to website A.
6. Website A checks the login ticket; if it finds the login ticket invalid it displays an error message, otherwise it provides service according to the credential presented by the user, completing single sign-on.
As shown in Fig. 4, the logout flow is:
1. The user requests logout from website A (the authentication center's login module receives the logout request);
2. The authentication center's login service module checks the user's login information and invalidates the login session.
3. The authentication center's login module checks where the user is logged in among the other business platforms, then sends each a logout request (SAML-LogoutRequest) in turn and waits for the results.
4. Once the business platforms the user was logged in to have completed the logout operation, the authentication center returns the logout result (SAML-LogoutResponse) to website A.
5. After receiving the logout result, website A performs the user's logout from this website and clears the user's login session.
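The request-ticket and login-ticket exchange and the logout step described above, as an added example that is not part of the patent. HMAC-SHA256 with a key shared between the authentication center and the platform stands in for the signatures the text specifies, tickets are plain dictionaries rather than SAML XML, and all class, function and field names, the 300-second freshness window and the one-hour validity period are assumptions.

```python
import hashlib
import hmac
import json
import secrets

MAX_SKEW = 300          # assumed freshness window for a login request, seconds
TICKET_LIFETIME = 3600  # assumed validity period of a login ticket, seconds


def sign(key, body):
    """Stand-in signature: HMAC-SHA256 over a canonical JSON encoding."""
    msg = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def verify(key, ticket):
    return hmac.compare_digest(sign(key, ticket["body"]), ticket["sig"])


class AuthCenter:
    """Hypothetical authentication center holding the SSO session table."""

    def __init__(self, key, trusted_platforms):
        self.key = key
        self.trusted = set(trusted_platforms)
        self.sessions = {}    # session id -> uid, client ip, expiry time
        self.pending = set()  # ids of request tickets not yet exchanged

    def issue_request_ticket(self, uid, ip, platform_url, request_time, now):
        """Run after the authentication module has accepted the user."""
        if platform_url not in self.trusted:
            raise PermissionError("untrusted platform")
        if abs(now - request_time) > MAX_SKEW:  # expired request resent
            raise PermissionError("stale login request")
        sid = secrets.token_hex(16)
        self.sessions[sid] = {"uid": uid, "ip": ip,
                              "expires": now + TICKET_LIFETIME}
        body = {"id": secrets.token_hex(16), "sid": sid, "uid": uid,
                "platform": platform_url, "request_time": request_time}
        self.pending.add(body["id"])
        return {"body": body, "sig": sign(self.key, body)}

    def exchange(self, request_ticket, platform_url, now):
        """Platform trades the request ticket for a signed login ticket."""
        if not verify(self.key, request_ticket):
            raise PermissionError("bad signature on request ticket")
        body = request_ticket["body"]
        if body["platform"] != platform_url:
            raise PermissionError("request ticket issued for another platform")
        if body["id"] not in self.pending:
            raise PermissionError("request ticket unknown or already used")
        self.pending.discard(body["id"])  # single use: reset the table entry
        session = self.sessions.get(body["sid"])
        if session is None or now >= session["expires"]:
            raise PermissionError("session logged out or expired")
        login = {"sid": body["sid"], "uid": session["uid"],
                 "ip": session["ip"], "audience": platform_url,
                 "not_after": session["expires"]}
        return {"body": login, "sig": sign(self.key, login)}

    def logout(self, sid):
        """Invalidate the login session; later exchanges for it fail."""
        self.sessions.pop(sid, None)


def check_login_ticket(ticket, key, own_url, client_ip, now):
    """Checks a business platform makes before serving the user."""
    if not verify(key, ticket):
        return "bad signature"
    body = ticket["body"]
    if body["audience"] != own_url:
        return "wrong platform"
    if now >= body["not_after"]:
        return "expired"
    if body["ip"] != client_ip:
        return "ip mismatch"
    return "ok"


def outcome(call, *args):
    """Return 'ok' or the rejection reason of a center operation."""
    try:
        call(*args)
        return "ok"
    except PermissionError as exc:
        return str(exc)


if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample values throughout
    site_a = "https://a.example"
    center = AuthCenter(key, [site_a])
    rt = center.issue_request_ticket("alice", "192.0.2.10", site_a, 1000, 1010)
    lt = center.exchange(rt, site_a, 1020)
    print(check_login_ticket(lt, key, site_a, "192.0.2.10", 1030))
    print(outcome(center.exchange, rt, site_a, 1025))  # replayed ticket
```

Times are passed in as plain integers so that the freshness and expiry checks can be exercised deterministically.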
The authentication module confirms whether a user's identity is legitimate; only after authentication is the user allowed to access the authorized application systems, so as to achieve secure login and access. The authentication module consists mainly of an authentication service and an authorization service.
Authentication service:
Identity authentication is the foundation of access control. The unified authentication platform provides two-way identity verification using password verification and SMS random-code verification; either the SSL handshake protocol or PKI digital signature authentication may be used. Once the user's identity has been verified, the user obtains the ticket issued by the system, and with this ticket can access the application systems protected by SSO.
Authorization service:
The centralized authorization service does away with the cumbersome, complex ACL permission-assignment approach of the past and implements a role-based permission management model, in which access rights are set according to user identity and the existing application resources. After the user logs in to a business platform, the unified authentication center automatically grants the corresponding permissions, and the user can then access the application systems and resources within the scope of those permissions.
The unified authentication platform requires centralized user information management, with each user having exactly one unique identifier across all systems. A database stores all information about users, groups, resources, applications, login parameters and access-control rules. LDAP and relational databases are supported.
Because SAML establishes a trust relationship between two websites that share users, security is a very important factor to consider. To protect communication between the SAML source site and the target site, all communication between them must be encrypted. To ensure that both sites taking part in a SAML exchange can verify each other's identity, communication between the unified authentication center and each business platform is carried out using digital-signature encryption, securing the system's transmissions.
To protect user information, the unified authentication center platform and each business platform, the following scheme is proposed for the security of the user identity credential:
1) SSL 3.0 is used to ensure the message integrity and message confidentiality of the identity credential;
2) SSL 3.0 and XML signature technology are used to protect verification requests for the identity credential;
3) SSL 3.0 is used to ensure the message integrity and message confidentiality of the identity credential;
SSL 3.0 security technology and XML signature technology are used to ensure the message integrity and tamper resistance of verification requests for the identity credential and of the returned results.
When the user's browser accesses the unified authentication center or accesses a business platform, the communication that carries the identity credential is encrypted over an SSL channel.
1) The communication in which the user enters a username/password in the browser and submits it to the login server is encrypted over an SSL channel;
2) The communication in which the user, carrying the request ticket, accesses a business platform system is encrypted over an SSL channel;
3) Signature and encryption algorithm: SHA1-DSA, DSA key length 1024 (2048) bits;
4) Certificate storage format: X.509.
Public key infrastructure (PKI) makes technologies such as digital signatures and XML encryption available to the public. Keys are at the core of digital signatures and XML encryption: they are used to digitally sign documents and verify signatures, and also in the encryption and decryption processes. With a digital signature, the sender cannot repudiate the message and the receiver cannot forge it.
Fig. 5 shows the signing and verification flow for data transmitted from a business platform to the authentication center, and Fig. 6 shows the signing and verification flow for data transmitted from the authentication center to a business platform. As these signing flows show, because data flows in both directions between the unified authentication platform and the business platforms in the single sign-on system, signing must be performed in both directions, and each interaction uses two sets of keys:
The public and private key of the unified authentication center: there is only one pair; the authentication center provides the public key to each platform when the business platform is connected, and the private key is kept and used by the authentication center.
The public and private key of a business platform: one pair per business platform; the public key is kept and used by the authentication center, and the private key is kept and used by the business platform.
Single sign-on technology and identity authorization are complementary, and authorization is the core technology of single sign-on. Access authorization without identity authentication is insecure, and identity authentication without access authorization is meaningless. The technology adopted by the invention is an authentication platform center based on a SAML single sign-on design, which achieves secure transmission of information through a custom ticket format. User information stored in the SAML-based XML format is also authenticated using PKI electronic signature technology.
The single sign-on system adopts the SAML framework and protocol and encrypts user information using symmetric encryption, which greatly improves system performance and throughput. In addition, the system includes an audit function that records the user's behavior on every verification request, allowing detailed analysis of user behavior, which helps in promoting the business.
The foregoing is only a preferred embodiment of the invention and does not limit the invention; any modification, equivalent substitution or improvement made within the spirit and principles of the invention shall fall within its scope of protection.

Claims (2)

1. An authentication platform based on a SAML single sign-on design, implemented jointly by two modules, a login module and an authentication module, characterized in that the login module uses two SAML-format tickets based on the SAML 2.0 protocol, namely a single sign-on ticket and a request ticket for obtaining the single sign-on ticket, and the authentication module uses the SSL handshake protocol or PKI digital signature authentication; wherein the flow of applying for a request ticket is as follows:
1) the user enters user information and submits it to the unified authentication center for processing, wherein the user information includes one or more of an account, a password, a graphical verification code and an SMS verification code;
2) the login module checks the format of the information submitted by the user;
3) the login module sends an authentication request to the authentication module, which authenticates the user information;
4) when the authentication module has finished authenticating, it returns the authentication result to the login module;
5) the login module generates a request ticket based on the successful authentication result returned by the authentication module, the request ticket being used to obtain the login ticket;
the flow of verifying the single sign-on ticket is as follows:
1) business platform A sends a request to the unified authentication center platform, carrying the request ticket;
2) after the legitimacy of the request ticket has been verified, a login ticket is returned to business platform A, the login ticket being used so that, after the user has logged in to the authentication center platform, the user can access any business platform;
3) business platform A verifies the encrypted user identity ticket and the session data;
4) single sign-on is complete once verification succeeds;
the login process is:
1) the user accesses website A, is found not to be logged in, and is redirected to the unified authentication center;
2) after the user submits the relevant information, the authentication center authenticates the user's information and generates a request ticket;
3) the authentication center returns the generated request ticket to website A;
4) using the user's query credential, website A sends the unified authentication center a request to retrieve the login ticket;
5) the unified authentication center generates the login ticket based on the user's ticket-application credential and returns the login ticket to website A;
6) website A checks the login ticket; if it finds the login ticket invalid it displays an error message, otherwise it provides service according to the credential presented by the user, completing single sign-on.
2. The authentication platform of claim 1, characterized in that the logout flow is:
1) the user requests logout from website A, and the authentication center's login module receives the logout request;
2) the authentication center's login service module checks the user's login information and invalidates the login session;
3) the authentication center's login module checks where the user is logged in among the other business platforms, then sends each a logout request in turn and waits for the results;
4) once the business platforms the user was logged in to have completed the logout operation, the authentication center returns the logout result to website A;
5) after receiving the logout result, website A performs the user's logout from this website and clears the user's login session.
CN201110048432.6A 2011-03-01 2011-03-01 SAML (Security Assertion Markup Language)-based authentication platform designed in single log-in mode Expired - Fee Related CN102655494B (en)

Publications (2)

Publication Number Publication Date
CN102655494A (en) 2012-09-05
CN102655494B (en) 2017-04-12

Family

ID=46731018

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110048432.6A Expired - Fee Related CN102655494B (en) 2011-03-01 2011-03-01 SAML (Security Assertion Markup Language)-based authentication platform designed in single log-in mode

Country Status (1)

Country Link
CN (1) CN102655494B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113420282A (en) * 2021-06-12 2021-09-21 济南浪潮数据技术有限公司 Cross-site single sign-on method and device

Families Citing this family (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102946603B (en) * 2012-10-31 2015-12-02 重庆市电力公司 Based on the unified identity authentication method of social characteristic in power cloud system
CN104253787A (en) * 2013-06-26 2014-12-31 华为技术有限公司 Service authentication method and system
CN103501344B (en) * 2013-10-10 2017-08-01 瑞典爱立信有限公司 The method and system of single-sign-on are realized in many applications
IN2013MU03727A (en) 2013-11-27 2015-07-31 Tata Consultancy Services Ltd
CN105592003B (en) * 2014-10-22 2019-08-09 北京拓尔思信息技术股份有限公司 A kind of cross-domain single login method and system based on notice
CN104301418B (en) * 2014-10-23 2017-12-12 西安未来国际信息股份有限公司 A kind of cross-domain single login system and login method based on SAML
CN104639325A (en) * 2014-12-31 2015-05-20 广州蓝海彤翔网络科技有限公司 Cloud game system and cloud game method based on unified certification
US9843572B2 (en) * 2015-06-29 2017-12-12 Airwatch Llc Distributing an authentication key to an application installation
CN105072123B (en) * 2015-08-21 2018-06-19 广州博鳌纵横网络科技有限公司 A kind of single sign-on under cluster environment exits method and system
CN105262751A (en) * 2015-10-27 2016-01-20 上海斐讯数据通信技术有限公司 Safety login method and device
CN107086979B (en) * 2016-02-15 2020-05-01 ***通信集团江苏有限公司 User terminal verification login method and device
CN107508837A (en) * 2017-09-28 2017-12-22 山东浪潮通软信息科技有限公司 A kind of cross-platform heterogeneous system login method based on intelligent code key certification
CN108306771B (en) * 2018-02-09 2021-06-18 腾讯科技(深圳)有限公司 Log reporting method, device and system
CN108664778B (en) * 2018-03-26 2021-03-30 苏州科达科技股份有限公司 User identity authentication method and device and electronic equipment
CN109359252B (en) * 2018-10-30 2021-11-30 北京小米移动软件有限公司 Browser selection method and device
CN110008669A (en) * 2019-03-28 2019-07-12 深兰科技(上海)有限公司 A kind of platform login method, system, device, terminal device and storage medium
CN110445756B (en) * 2019-07-04 2021-07-09 中国电子科技集团公司第三十研究所 Method for realizing searchable encryption audit logs in cloud storage
CN111404946B (en) * 2020-03-19 2023-06-06 北京比特安索信息技术有限公司 Account authentication method based on browser and server
CN111586054A (en) * 2020-05-09 2020-08-25 山东健康医疗大数据有限公司 Single sign-on implementation method based on Internet architecture
CN112187811B (en) * 2020-09-30 2023-02-24 湖南快乐阳光互动娱乐传媒有限公司 App login method and system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101355527A (en) * 2008-08-15 2009-01-28 深圳市中兴移动通信有限公司 Method for implementing single-point LOG striding domain name
CN101656609A (en) * 2008-08-22 2010-02-24 华为技术有限公司 Single sign-on method, system and device thereof
CN101771722A (en) * 2009-12-25 2010-07-07 中兴通讯股份有限公司 System and method for WAPI terminal to access Web application site

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Research and Implementation of a Unified Identity Authentication ***; 马荣飞; 《计算机工程与科学》; 20090215; Vol. 31 (No. 2); pp. 145-149 *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113420282A (en) * 2021-06-12 2021-09-21 济南浪潮数据技术有限公司 Cross-site single sign-on method and device

Also Published As

Publication number Publication date
CN102655494A (en) 2012-09-05

Similar Documents

Publication Publication Date Title
CN102655494B (en) SAML (Security Assertion Markup Language)-based authentication platform designed in single log-in mode
CN101803272B (en) Authentication system and method
CN102638454B (en) Plug-in type SSO (single signon) integration method oriented to HTTP (hypertext transfer protocol) identity authentication protocol
CN104767731B (en) A kind of Restful move transactions system identity certification means of defence
CN103475666B (en) A kind of digital signature authentication method of Internet of Things resource
US8726358B2 (en) Identity ownership migration
CN107425983A (en) A kind of unified identity authentication method and system platform based on WEB service
CN107786571A (en) A kind of method of user's unified certification
CN102457509B (en) Cloud computing resources safety access method, Apparatus and system
US20140020051A1 (en) User to user delegation service in a federated identity management environment
CN104283886B (en) A kind of implementation method of the web secure access based on intelligent terminal local authentication
CN107733861A (en) It is a kind of based on enterprise-level intranet and extranet environment without password login implementation method
CN103259663A (en) User unified authentication method in cloud computing environment
CN107294916A (en) Single-point logging method, single-sign-on terminal and single-node login system
CN101262342A (en) Distributed authorization and validation method, device and system
CN103179134A (en) Single sign on method and system based on Cookie and application server thereof
CN101938473A (en) Single-point login system and single-point login method
CN104580184A (en) Identity authentication method for mutual-trust application systems
CN106921678A (en) A kind of unified safety authentication platform of the carrier-borne information system of integrated isomery
CN110891060A (en) Unified authentication system based on multi-service system integration
CN103986734B (en) Authentication management method and authentication management system applicable to high-security service system
CN101321064A (en) Information system access control method and apparatus based on digital certificate technique
CN113645247A (en) Authority authentication control method based on HTTP (hyper text transport protocol) and storage medium
CN101873333A (en) Enterprise data maintenance method, device and system based on banking system
KR20060032888A (en) Apparatus for managing identification information via internet and method of providing service using the same

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C53 Correction of patent for invention or patent application
CB02 Change of applicant information

Address after: 510300 Yuexiu District martyrs Road, Guangdong, No. 507, one of the self compiled, 508 of the self compiled by the four, 83,

Applicant after: Sunrise Technology Co., Ltd.

Address before: 510300, Kai Hua City, 83 martyrs Road, Guangdong, Guangzhou, China 508, Yuexiu District

Applicant before: Snrise Corporation

COR Change of bibliographic data

Free format text: CORRECT: APPLICANT; FROM: SNRISE CORPORATION TO: CONGXING TECHNOLOGY CO., LTD.

ASS Succession or assignment of patent right

Owner name: HONGKONG SHIYE DEVELOPMENT CO., LTD.

Free format text: FORMER OWNER: CONGXING TECHNOLOGY CO., LTD.

Effective date: 20150803

C41 Transfer of patent application or patent right or utility model
TA01 Transfer of patent application right

Effective date of registration: 20150803

Address after: Room 32, building 3205, Bank of America, 12 Cecil Harcourt Road, central, Hongkong, China

Applicant after: Hongkong world industry development Co., Ltd.

Address before: 510300 Yuexiu District martyrs Road, Guangdong, No. 507, one of the self compiled, 508 of the self compiled by the four, 83,

Applicant before: Sunrise Technology Co., Ltd.

ASS Succession or assignment of patent right

Owner name: TELEFON AB L.M. ERICSSON (SE)

Free format text: FORMER OWNER: HONGKONG SHIYE DEVELOPMENT CO., LTD.

Effective date: 20150909

C41 Transfer of patent application or patent right or utility model
TA01 Transfer of patent application right

Effective date of registration: 20150909

Address after: Stockholm

Applicant after: Telefon AB L.M. Ericsson [SE]

Address before: Room 32, building 3205, Bank of America, 12 Cecil Harcourt Road, central, Hongkong, China

Applicant before: Hongkong world industry development Co., Ltd.

GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20170412

Termination date: 20200301