CN103107985B - A kind of cloud terminal authentication, system and device - Google Patents


Publication number
CN103107985B
Authority
CN
China
Prior art keywords
authentication
cloud
information
cloud server
resource
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201210515050.4A
Other languages
Chinese (zh)
Other versions
CN103107985A (en
Inventor
杨晨
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Baidu Netcom Science and Technology Co Ltd
Original Assignee
Beijing Baidu Netcom Science and Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Baidu Netcom Science and Technology Co Ltd
Priority to CN201210515050.4A
Publication of CN103107985A
Application granted
Publication of CN103107985B

Landscapes

  • Storage Device Security (AREA)

Abstract

The present invention proposes a cloud authentication method comprising the following steps: a cloud server receives a request message sent by a client, where the request message comprises an authentication credential and the cloud resource information of the requested cloud resource; the cloud server queries the authentication records cached by the cloud server according to the authentication credential to obtain a first query result; the cloud server further queries the authentication records within the first query result according to the cloud resource information; and if an authentication record matching the request message is found in the first query result, the cloud server authenticates the request message according to the authentication result recorded in that authentication record. The invention also proposes a cloud authentication system and a cloud server. By caching authentication results on the cloud server and receiving and querying users' request information in batches, the invention reduces data accesses, improves the access efficiency of the cache, and significantly shortens the time of each authentication.

Description

A cloud authentication method, system and device
Technical field
The present invention relates to the technical field of Internet cloud services, and in particular to a cloud authentication method, system and cloud server.
Background
To ensure security, current cloud service platforms must authenticate a user's access request when the user accesses a resource provided by the platform. Existing cloud service permission systems mainly comprise two parts: authentication of the requester's identity, and authentication of the requester's access permission for the requested resource. When a user requests access to a resource of the cloud service platform, user identity authentication and resource access permission authentication must be completed in turn, and access can continue only after both pass. Identity authentication is in turn divided into two parts: judging the validity of the identity credential and judging the requester-subsystem membership relation. Therefore, each time the permission system authenticates a user's access permission for a resource, it must access the database or storage cluster three times (to read the identity credential data, the requester-subsystem membership data, and the permission decision data of the resource, respectively). This makes a single authentication take more than 10 ms and seriously affects authentication efficiency.
By data storage location, the cache of an existing system can be a single-machine cache or a network cache, and the data in the cache is a mirror of the data in the storage system (for example, a database cache). Existing systems have the following shortcomings: a single-machine cache is limited by operating system stability and hardware resources, cannot guarantee high availability, and also brings data synchronization problems between multiple cache nodes. A network cache solves these problems of the single-machine cache, but simply mirroring the storage system's data in the cache leads to frequent accesses to the cache system, so that network performance becomes the bottleneck.
Summary of the invention
The present invention aims to solve at least one of the above technical problems at least to some extent, or at least to provide a useful commercial choice.
To this end, the object of the invention is to propose a cloud authentication method and device that reduce data accesses, improve the access efficiency of the cloud server cache, and shorten the time of each authentication.
To achieve the above object, an embodiment of the first aspect of the invention proposes a cloud authentication method comprising the following steps: a cloud server receives a request message sent by a client, where the request message comprises an authentication credential and the cloud resource information of the requested cloud resource; the cloud server queries the authentication records cached by the cloud server according to the authentication credential to obtain a first query result, where an authentication record comprises a primary key value, a secondary key value and an authentication result, the primary key value being related to the cloud resource information and the secondary key value being related to the authentication credential; the cloud server further queries the authentication records within the first query result according to the cloud resource information; the cloud server judges whether an authentication record matching the request message is found in the first query result; and if an authentication record matching the request message is found in the first query result, the cloud server authenticates the request message according to the authentication result recorded in that authentication record.
In one embodiment of the invention, the cloud server monitors the access permission information of the cloud resource; when the access permission information of the cloud resource changes, the cloud server deletes the corresponding authentication records according to the cloud resource information of the cloud resource.
In one embodiment of the invention, the cloud server obtains, according to the authentication credential, the identity information of the user to whom the credential belongs; the cloud server performs identity authentication on the request message according to the identity information.
In one embodiment of the invention, the cloud server obtains the owner information of the cloud resource according to the cloud resource information; the cloud server performs resource access permission authentication on the request message according to the owner information.
In one embodiment of the invention, the identity information of the user and the owner information are preferentially obtained from the data cached by the cloud server.
According to the cloud authentication method of the embodiment of the invention, the cloud server caches authentication records and receives and queries users' request information in batches, which reduces data accesses and significantly shortens the time of each authentication.
An embodiment of the second aspect of the invention proposes a cloud authentication system comprising a client and a cloud server. The client is configured to send a request message to the cloud server, where the request message comprises an authentication credential and the cloud resource information of the requested cloud resource. The cloud server is configured to receive the request message, query the authentication records cached by the cloud server according to the authentication credential to obtain a first query result, further query the authentication records within the first query result according to the cloud resource information, judge whether an authentication record matching the request message is found in the first query result, and, when such a record is found, authenticate the request message according to the authentication result recorded in that authentication record. An authentication record comprises a primary key value, a secondary key value and an authentication result, the primary key value being related to the cloud resource information and the secondary key value being related to the authentication credential.
In one embodiment of the invention, the cloud server is further configured to monitor the access permission information of the cloud resource and, when the access permission information of the cloud resource changes, delete the corresponding authentication records according to the cloud resource information of the cloud resource.
In one embodiment of the invention, the cloud server is further configured to obtain, according to the authentication credential, the identity information of the user to whom the credential belongs, and to perform identity authentication on the request message according to the identity information.
In one embodiment of the invention, the cloud server is further configured to obtain the owner information of the cloud resource according to the cloud resource information, and to perform resource access permission authentication on the request message according to the owner information.
In one embodiment of the invention, the identity information of the user and the owner information are preferentially obtained from the data cached by the cloud server.
According to the cloud authentication system of the embodiment of the invention, the cloud server caches authentication records and receives and queries users' request information in batches, which reduces data accesses and significantly shortens the time of each authentication.
An embodiment of the third aspect of the invention proposes a cloud server comprising: a user interaction module for receiving a request message sent by a client, where the request message comprises an authentication credential and the cloud resource information of the requested cloud resource; a storage module for storing authentication records, where an authentication record comprises a primary key value, a secondary key value and an authentication result, the primary key value being related to the cloud resource information and the secondary key value being related to the authentication credential; a query module for querying the authentication records cached in the storage module according to the authentication credential to obtain a first query result, further querying the authentication records within the first query result according to the cloud resource information, and judging whether an authentication record matching the request message is found in the first query result; and an authentication module for authenticating the request message according to the authentication result recorded in the authentication record when an authentication record matching the request message is found in the first query result.
In one embodiment of the invention, the cloud server further comprises a monitoring module for monitoring the access permission information of the cloud resource; when the access permission information of the cloud resource changes, the storage module deletes the corresponding authentication records according to the cloud resource information of the cloud resource.
In one embodiment of the invention, the authentication module is further configured to obtain, according to the authentication credential, the identity information of the user to whom the credential belongs, and to perform identity authentication on the request message according to the identity information.
In one embodiment of the invention, the authentication module is further configured to obtain the owner information of the cloud resource according to the cloud resource information, and to perform resource access permission authentication on the request message according to the owner information.
In one embodiment of the invention, the identity information of the user and the owner information are preferentially obtained from the data cached by the cloud server.
According to the cloud server of the embodiment of the invention, the cloud server caches authentication records and receives and queries users' request information in batches, which reduces data accesses and significantly shortens the time of each authentication.
Additional aspects and advantages of the invention will be given in part in the following description; in part they will become obvious from the description or be learned through practice of the invention.
Brief description of the drawings
The above and/or additional aspects and advantages of the invention will become obvious and easy to understand from the following description of the embodiments in conjunction with the accompanying drawings, in which:
Fig. 1 is a flow chart of the cloud authentication method of one embodiment of the invention;
Fig. 2 is a flow chart of the processing performed when the access permissions of a resource change, in one embodiment of the invention;
Fig. 3 is a flow chart of the cloud authentication method of another embodiment of the invention;
Fig. 4 is a schematic diagram of the data and algorithm of the cloud server cache batch query of one embodiment of the invention;
Fig. 5 is a schematic diagram of the cloud authentication system of one embodiment of the invention; and
Fig. 6 is a schematic diagram of the cloud server of one embodiment of the invention.
Detailed description
Embodiments of the invention are described in detail below. Examples of the embodiments are shown in the drawings, where the same or similar reference numerals throughout denote the same or similar elements, or elements with the same or similar functions. The embodiments described below with reference to the drawings are exemplary; they are intended to explain the invention and are not to be construed as limiting it.
In the present invention, unless otherwise clearly specified and limited, terms such as "installed", "connected", "coupled" and "fixed" should be interpreted broadly. For example, a connection may be fixed, removable or integral; it may be mechanical or electrical; it may be direct or indirect through an intermediary; and it may be an internal connection between two elements. A person of ordinary skill in the art can understand the specific meaning of these terms in the present invention according to the circumstances.
The flow of the cloud authentication method of the embodiments of the invention is described below with reference to Fig. 1 to Fig. 3.
As shown in Figure 1, the cloud authentication method according to an embodiment of the first aspect of the invention comprises the following steps:
S101: the cloud server receives a request message sent by a client, where the request message comprises an authentication credential and the cloud resource information of the requested cloud resource.
Specifically, authentication credentials include but are not limited to the following classes:
1. Access key with the corresponding secret key and user ID;
2. development platform token with the corresponding user ID;
3. cloud token with the corresponding user ID;
4. passport (Baidu's external user login system) user name and password with the corresponding user ID;
5. uuap (Baidu's intranet unified login system) user name and password with the corresponding user ID.
The cloud resource information of a cloud resource includes information such as the resource name.
S102: the cloud server queries the authentication records cached by the cloud server according to the authentication credential to obtain a first query result, where an authentication record comprises a primary key value, a secondary key value and an authentication result, the primary key value being related to the cloud resource information and the secondary key value being related to the authentication credential.
The resource name is used as the main key and the user's authentication credential as the secondary key to query authentication records in the cloud server cache. If an existing authentication record is found in the cloud server cache, the authentication result of that existing record is used as the result of this authentication.
S103: the cloud server further queries the authentication records within the first query result according to the cloud resource information.
S104: if an authentication record matching the request message is found in the first query result, the cloud server authenticates the request message according to the authentication result recorded in that authentication record.
The access permissions of a resource may change. For example, a user may purchase a time-limited service offered by a website, such as paid high-speed downloading in download software or paid browsing of VIP chapters on an online novel website; the user's access permission for these resources then changes from denied to allowed, and the authentication record data in the cloud server cache must change accordingly. As shown in Figure 3, this specifically comprises:
S201: the cloud server monitors the access permission information of the cloud resource.
S202: when the access permission information of the cloud resource changes, the cloud server deletes the corresponding authentication records according to the cloud resource information of the cloud resource.
When the access permissions of a resource change, the resource name of that resource is used as the keyword for a filtering query over the authentication results in the cloud server cache, and the authentication result data that hit this keyword are removed.
After the corresponding authentication result data are removed, when a user again sends an authentication request for that resource, the query is performed afresh and the correct authentication result is obtained. This resolves the problem of real-time data synchronization.
As shown in Figure 3, when no authentication record matching the request message is found in the cloud server cache, the cloud authentication method of one embodiment of the invention further comprises:
S105: the cloud server obtains, according to the authentication credential, the identity information of the user to whom the credential belongs.
S106: the cloud server performs identity authentication on the request message according to the identity information.
The user's authentication credential is used as the main key to query the user's identity information, and the user's identity is authenticated according to that identity information. The user's credential information includes but is not limited to: access_key, secret_key, access_key state, authorization time, etc. The user's identity information includes but is not limited to: user ID, user name, email, phone number, state (status), and the list of cloud computing subsystems to which this user ID has access permission. The user's authentication information is preferentially obtained from the data cached by the cloud server. If the authentication information is not found in the cache, then when this identity authentication passes, its result is saved in the cache.
In one embodiment of the invention, the user's credential information and the user's identity information are organized and stored in the same data structure, which saves one cache access and so improves cache access efficiency.
Resource access permission authentication proceeds only if the requester has passed user identity authentication; if user identity authentication fails, an authentication failure is returned directly to the client. Resource access permission authentication comprises the following steps:
S107: the cloud server obtains the owner information of the cloud resource according to the cloud resource information.
In the present embodiment, the resource name is used as the main key and the constant string "ownership" as the secondary key to query user information such as the user ID and corresponding user name of the resource owner, in order to check whether the current authentication request comes from the resource owner. The identity information of the user is preferentially obtained from the data cached by the cloud server.
S108: the cloud server performs resource access permission authentication on the request message according to the owner information.
If both identity authentication and resource access permission authentication pass, the request message is authenticated; if either identity authentication or resource access permission authentication fails, authentication of the request message fails.
In one embodiment of the invention, the keywords of the three query operations performed in steps S102, S105 and S107 are all provided in the user's authentication request, so the three query operations can be processed as a batch. As shown in Figure 4, the cloud server cache provides a batch operation interface. One batch operation includes querying the final authentication result in the cloud cache, authenticating the requester's identity, querying the resource owner information in the cloud cache, and authenticating access permission. The cloud side only needs to receive the data once and execute the batch operation to return the authentication result. Compared with the prior art, in which identity credential validity judgment, membership judgment and resource access permission authentication require three database accesses, batch processing reduces the number of accesses to the cloud cache, reduces network bandwidth usage, and reduces as far as possible the extra time spent on cache accesses when the cache misses.
The cloud authentication method of one embodiment of the invention further comprises:
S109: after authentication completes, the authentication result is stored in the authentication records cached by the cloud server.
After each authentication ends, its result (authentication passed or authentication failed) is saved in the cloud server cache. In practice, for example when a user browses a website, the user often jumps between pages of the same site, so the user frequently accesses the same resource several times. With the authentication result kept in the cloud server cache, when the user later accesses this resource and is authenticated again, the existing authentication result can be looked up in the cloud server cache as described in step S102, which greatly reduces the authentication time.
According to the cloud authentication method of the embodiment of the invention, the cloud server caches authentication records and receives and queries users' request information in batches, which reduces data accesses; the data structure in the cloud server cache is also optimized, which improves the access efficiency of the cache and significantly shortens the time of each authentication.
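The flow of S101 to S109 and the invalidation of S201/S202, as an added Python example (not code from the patent). The class and function names, the in-memory dictionaries standing in for the cloud cache and the backing store, the "identity" secondary key, and the use of a SHA-256 digest of the credential as the key are assumptions of this example.

```python
import hashlib


def credential_key(credential: str) -> str:
    """Key for a credential. Assumption of this example: a SHA-256 digest is
    used so the cache never stores the raw secret."""
    return "cred:" + hashlib.sha256(credential.encode()).hexdigest()


class CloudCache:
    """Stand-in for the cloud server cache: main key -> {secondary key: value}."""

    def __init__(self):
        self.data = {}
        self.round_trips = 0

    def batch_get(self, keys):
        """Answer several (main key, secondary key) lookups in one round trip."""
        self.round_trips += 1
        return [self.data.get(main, {}).get(sec) for main, sec in keys]

    def put(self, main, sec, value):
        self.data.setdefault(main, {})[sec] = value

    def purge_auth_records(self, resource):
        """S202: delete every cached authentication result for one resource,
        keeping its "ownership" entry."""
        records = self.data.get(resource, {})
        for sec in [s for s in records if s.startswith("cred:")]:
            del records[sec]


class Authenticator:
    def __init__(self, cache, identities, owners, acl):
        self.cache = cache
        self.identities = identities  # credential key -> identity record
        self.owners = owners          # resource name -> owner user ID
        self.acl = acl                # resource name -> user IDs granted access
        self.store_reads = 0          # reads that went past the cache

    def _read(self, table, key):
        self.store_reads += 1
        return table.get(key)

    def authenticate(self, credential, resource):
        ck = credential_key(credential)
        # The lookups of S102, S105 and S107 use keys that are all present
        # in the request, so they travel as one batch.
        result, identity, owner = self.cache.batch_get(
            [(resource, ck), (ck, "identity"), (resource, "ownership")])
        if result is not None:                      # S104: cached result
            return result
        result = self._decide(ck, resource, identity, owner)
        self.cache.put(resource, ck, result)        # S109: cache pass or fail
        return result

    def _decide(self, ck, resource, identity, owner):
        if identity is None:                        # S105: cache miss
            identity = self._read(self.identities, ck)
            if identity and identity["status"] == "active":
                self.cache.put(ck, "identity", identity)
        if not identity or identity["status"] != "active":
            return False                            # S106 failed: stop here
        if owner is None:                           # S107: cache miss
            owner = self._read(self.owners, resource)
            if owner is not None:
                self.cache.put(resource, "ownership", owner)
        if owner == identity["user_id"]:            # S108: owner may access
            return True
        granted = self._read(self.acl, resource) or set()
        return identity["user_id"] in granted

    def on_permission_change(self, resource):
        """S201/S202: called when a resource's access permissions change."""
        self.cache.purge_auth_records(resource)


def build_demo():
    """Constructed sample data: two users and one paid resource."""
    identities = {
        credential_key("AK-alice:SK-alice"): {"user_id": "u1", "status": "active"},
        credential_key("AK-bob:SK-bob"): {"user_id": "u2", "status": "active"},
    }
    owners = {"vip-chapter-7": "u1"}
    acl = {"vip-chapter-7": set()}
    return Authenticator(CloudCache(), identities, owners, acl)


if __name__ == "__main__":
    auth = build_demo()
    bob, res = "AK-bob:SK-bob", "vip-chapter-7"
    print(auth.authenticate(bob, res), auth.store_reads)   # miss: goes to store
    print(auth.authenticate(bob, res), auth.store_reads)   # hit: no new reads
    auth.acl[res].add("u2")                                # bob buys access
    print(auth.authenticate(bob, res))                     # stale cached result
    auth.on_permission_change(res)
    print(auth.authenticate(bob, res))                     # fresh result
```

The stale result in the demo is why S201/S202 matter: a cached decision keeps being served until the resource's records are purged, whether the change grants access or revokes it.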
As shown in Figure 5, the cloud authentication system according to an embodiment of the second aspect of the invention comprises a client 310 and a cloud server 320.
Specifically, the client 310 sends a request message to the cloud server 320, where the request message comprises an authentication credential and the cloud resource information of the requested cloud resource. The cloud resource information includes information such as the resource name of the resource, and authentication credentials include but are not limited to the following classes:
1. Access key with the corresponding secret key and user ID;
2. development platform token with the corresponding user ID;
3. cloud token with the corresponding user ID;
4. passport (Baidu's external user login system) user name and password with the corresponding user ID;
5. uuap (Baidu's intranet unified login system) user name and password with the corresponding user ID.
After the cloud server 320 receives the request message, it queries the authentication records in its own cache according to the authentication credential to obtain a first query result, then further queries the authentication records within the first query result according to the cloud resource information, and judges whether an authentication record matching the request message is found in the first query result. An authentication record comprises a primary key value, a secondary key value and an authentication result, the primary key value being related to the cloud resource information and the secondary key value being related to the authentication credential. The resource name is used as the main key and the user's authentication credential as the secondary key to query authentication records in the cloud server cache. If an authentication record matching the request message is found in the cloud server cache, the request message is authenticated according to the authentication result recorded in that record; that is, the authentication result of the existing record is used as the result of this authentication.
In one embodiment of the invention, the cloud server 320 is further configured to monitor the access permission information of the cloud resource. The access permissions of a resource may change: for example, a user may purchase a time-limited service offered by a website, such as paid high-speed downloading in download software or paid browsing of VIP chapters on an online novel website, so that the user's access permission for these resources changes from denied to allowed. The authentication record data in the cloud server cache must then change; specifically, this is done by deleting the corresponding authentication records in the cloud server cache according to the cloud resource information of the cloud resource.
In one embodiment of the invention, when no authentication record matching the request message is found in the cache of the cloud server 320, the cloud server 320 obtains, according to the authentication credential, the identity information of the user to whom the credential belongs, and performs identity authentication on the request message according to the identity information. The user's authentication credential is used as the main key to query the user's identity information, and the user's identity is authenticated according to that identity information. The user's identity information includes but is not limited to: user ID, user name, email, phone number, state (status), and the list of cloud computing subsystems to which this user ID has access permission. The identity information of the user is preferentially obtained from the data cached by the cloud server. In one embodiment of the invention, the user's credential information and the user's identity information are organized and stored in the same data structure, which saves one cache access and so improves cache access efficiency.
If identity authentication passes, the cloud server 320 obtains the owner information of the cloud resource according to the cloud resource information, and performs resource access permission authentication on the request message according to the owner information. The resource name is used as the main key and the constant string "ownership" as the secondary key to query user information such as the user ID and corresponding user name of the resource owner, in order to check whether the current authentication request comes from the resource owner. The identity information of the user is preferentially obtained from the data cached by the cloud server.
According to the cloud authentication system of the embodiment of the invention, the cloud server caches authentication records, which reduces data accesses; the data structure in the cloud server cache is also optimized, which improves the access efficiency of the cache and significantly shortens the time of each authentication.
As shown in Figure 6, the cloud server of embodiment according to a third aspect of the present invention, comprising: user interactive module 410, memory module 420, enquiry module 430, authentication module 440.
Particularly, user interactive module 410 receives the request message that client sends.Wherein, request message comprises the cloud resource information of certification authority and requested cloud resource.Particularly, cloud resource information comprises the information such as the resource name of resource, and certification authority is including but not limited to following a few class:
1.Accesskey corresponding secretkey, user ID;
2. development platform token(token) respective user ID;
3. cloud token respective user ID;
4.passport(hundred degree of external user login systems) user name, password respective user ID;
5.uuap(hundred degree of Intranet unified entry system) user name, password respective user ID.
Memory module 420 authentication storage record, wherein, authentication record comprises Major key, auxiliary bond value and authentication result, and Major key is relevant to cloud resource information, and auxiliary bond value is relevant to certification authority.In the present embodiment, memory module 420 is cloud server buffer memory.
Enquiry module 430 inquires about the authentication record of buffer memory in memory module 420 to obtain the first Query Result according to certification authority, in described first Query Result, described authentication record is inquired about further again according to described cloud resource information, judge whether to inquire the authentication record with described request match messages in described first Query Result, if inquire the authentication record of mating with request message, then authentication module 440 carries out certification according to the authentication result recorded in this authentication record to request message.
In one embodiment of the invention, the cloud server further comprises a monitoring module 450. The monitoring module 450 monitors the access permission information of cloud resources, and when the access permission information of a cloud resource changes, the storage module 420 deletes the corresponding authentication records according to the cloud resource information of that resource.
The access permissions of a resource may change, for example, when a user purchases a time-limited service offered by a website, such as paid high-speed downloads from a software download site or paid access to VIP chapters on an online novel site. The user's access permission for these resources then changes from access denied to access allowed. The monitoring module of the cloud server detects that the access permissions of the resource have changed, and the resource name is used as a keyword to filter the authentication records in the cloud server cache; the authentication records that hit this keyword are then removed.
After the corresponding authentication records have been removed, when the user again sends an authentication request for that resource, the query is performed afresh and the correct authentication result is obtained. This solves the problem of keeping the data synchronized in real time.
When no matching authentication record is found in the cloud server cache, the authentication module 440 obtains, according to the authentication credential, the identity information of the user to whom the credential belongs, and performs identity authentication on the request message according to that identity information.
The user's authentication credential is used as the primary key to query the storage module 420 for the user's information, and the user's identity is authenticated according to that information. The user information includes, but is not limited to: user ID, user name, email, mobile phone number, status, and the list of cloud computing subsystems to which this user ID has access. After the user's identity has been authenticated, the authentication module 440 obtains the owner information of the cloud resource according to the cloud resource information and performs resource permission authentication on the request message according to the owner information. In this embodiment, the resource name is used as the primary key and the constant string "ownership" as the secondary key to query the user ID and corresponding user name of the resource owner, in order to check whether the current authentication request comes from the resource owner. If the resource does not belong to this user, the authentication module 440 checks whether the user has access permission for the resource. In one embodiment of the invention, the user's permission information and identity information are organized and stored in the same data structure, which saves one cache access and improves cache access efficiency.
After each authentication finishes, its result is saved in an authentication record in the storage module 420 (that is, the cloud server cache). In practice, a user browsing a website often jumps between pages of the same site and so repeatedly accesses the same resource. With the authentication result kept in the cloud server cache, the next time this user accesses the resource the existing authentication result can be looked up in the cloud server cache, which greatly reduces the authentication time.
The cloud server according to the embodiment of the invention caches authentication records, which reduces data access, and optimizes the data structure in the cloud server cache, which improves cache access efficiency and significantly reduces the time of each authentication.
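As an added illustration (not code from the patent), the sketch below models the cache described above: lookup by credential and then by resource name, a full authentication on a miss, and deletion of a resource's records when its permissions change. The sample users, the resource name, the HMAC indexing of credentials and the decision not to cache failures for unknown credentials are assumptions of this example; it also exercises revocation (allowed to denied), which the text does not walk through.

```python
import hashlib
import hmac

# Constructed sample data (not from the patent).
USERS = {"ak-alice": "alice", "ak-bob": "bob"}   # credential -> user ID
OWNERS = {"novel/vip-chapter-7": "alice"}        # resource name -> owner
ACL = {"novel/vip-chapter-7": set()}             # resource name -> users granted access
INDEX_KEY = b"constructed-demo-key"              # assumption: per-deployment secret


def cred_index(credential):
    """Cache index for a credential: an HMAC, so raw secrets are never stored as keys."""
    return hmac.new(INDEX_KEY, credential.encode(), hashlib.sha256).hexdigest()


class AuthCache:
    def __init__(self):
        self.by_cred = {}      # cred index -> {resource name: authentication result}
        self.by_resource = {}  # resource name -> cred indexes, used for invalidation
        self.backend_calls = 0

    def lookup(self, credential, resource):
        first_result = self.by_cred.get(cred_index(credential), {})  # query by credential
        return first_result.get(resource)  # refine by resource; None means a miss

    def store(self, credential, resource, result):
        idx = cred_index(credential)
        self.by_cred.setdefault(idx, {})[resource] = result
        self.by_resource.setdefault(resource, set()).add(idx)

    def invalidate_resource(self, resource):
        """Delete every cached record for a resource; returns how many were removed."""
        removed = 0
        for idx in self.by_resource.pop(resource, set()):
            if self.by_cred.get(idx, {}).pop(resource, None) is not None:
                removed += 1
        return removed


def full_authentication(credential, resource):
    """Cache-miss path: identity check, then owner check, then access-permission check."""
    user = USERS.get(credential)
    if user is None:
        return None  # identity authentication failed
    return OWNERS.get(resource) == user or user in ACL.get(resource, set())


def authenticate(cache, credential, resource):
    cached = cache.lookup(credential, resource)
    if cached is not None:
        return cached
    cache.backend_calls += 1
    result = full_authentication(credential, resource)
    if result is None:
        # This example's choice (not the patent's): unknown-credential failures are not cached.
        return False
    cache.store(credential, resource, result)
    return result


def change_permission(cache, resource, user, allowed):
    """Monitoring-module role: apply the change, then drop the resource's cached records."""
    if allowed:
        ACL.setdefault(resource, set()).add(user)
    else:
        ACL.get(resource, set()).discard(user)
    return cache.invalidate_resource(resource)


if __name__ == "__main__":
    cache, res = AuthCache(), "novel/vip-chapter-7"
    print(authenticate(cache, "ak-bob", res), change_permission(cache, res, "bob", True),
          authenticate(cache, "ak-bob", res))
```

If the invalidation step is skipped on a revocation, the cached "allowed" result keeps being served until the record is removed, which is the failure mode the monitoring module exists to prevent.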
Any process or method described in a flow chart or otherwise described herein may be understood as representing a module, segment or portion of code comprising one or more executable instructions for implementing the steps of a specific logical function or process, and the scope of the preferred embodiments of the invention includes other implementations in which functions may be performed out of the order shown or discussed, including substantially concurrently or in the reverse order depending on the functions involved, as should be understood by those skilled in the art to which the embodiments of the invention belong.
The logic and/or steps represented in a flow chart or otherwise described herein, for example an ordered list of executable instructions for implementing logical functions, may be embodied in any computer-readable medium for use by, or in connection with, an instruction execution system, apparatus or device (such as a computer-based system, a system comprising a processor, or another system that can fetch instructions from an instruction execution system, apparatus or device and execute them). For the purposes of this specification, a "computer-readable medium" may be any means that can contain, store, communicate, propagate or transport a program for use by, or in connection with, an instruction execution system, apparatus or device. More specific examples (a non-exhaustive list) of computer-readable media include: an electrical connection (electronic device) having one or more wires, a portable computer diskette (magnetic device), random-access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), an optical fiber device, and a portable compact disc read-only memory (CDROM). The computer-readable medium may even be paper or another suitable medium on which the program is printed, since the program can be obtained electronically, for example by optically scanning the paper or other medium and then editing, interpreting or otherwise processing it in a suitable manner if necessary, and then stored in a computer memory.
It should be understood that each part of the invention may be implemented in hardware, software, firmware or a combination thereof. In the above embodiments, multiple steps or methods may be implemented in software or firmware that is stored in a memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, they may be implemented by any one or a combination of the following techniques well known in the art: a discrete logic circuit having logic gates for implementing logic functions on data signals, an application-specific integrated circuit (ASIC) having suitable combinational logic gates, a programmable gate array (PGA), a field-programmable gate array (FPGA), and so on.
Those skilled in the art will appreciate that all or part of the steps of the methods of the above embodiments may be carried out by a program instructing the relevant hardware; the program may be stored in a computer-readable storage medium and, when executed, performs one or a combination of the steps of the method embodiments.
In addition, the functional units in the embodiments of the invention may be integrated in one processing module, may each exist physically on their own, or two or more units may be integrated in one module. The integrated module may be implemented in the form of hardware or in the form of a software functional module. If the integrated module is implemented as a software functional module and sold or used as an independent product, it may also be stored in a computer-readable storage medium.
In this specification, a description referring to the terms "one embodiment", "some embodiments", "an example", "a specific example" or "some examples" means that a specific feature, structure, material or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the invention. Schematic uses of these terms in this specification do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described may be combined in a suitable manner in any one or more embodiments or examples.
Although embodiments of the invention have been shown and described above, it will be understood that these embodiments are exemplary and are not to be construed as limiting the invention; those of ordinary skill in the art may change, modify, replace and vary the above embodiments within the scope of the invention without departing from its principles and purpose.

Claims (13)

1. A cloud authentication method, characterized in that it comprises the following steps:
a cloud server receives a request message sent by a client, wherein the request message comprises an authentication credential and the cloud resource information of the requested cloud resource;
the cloud server queries the authentication records cached by the cloud server according to the authentication credential to obtain a first query result, wherein each authentication record comprises a primary key value, a secondary key value and an authentication result, the primary key value is related to the cloud resource information, and the secondary key value is related to the authentication credential;
the cloud server further queries the authentication records within the first query result according to the cloud resource information;
the cloud server determines whether an authentication record matching the request message is found in the first query result; and
if an authentication record matching the request message is found in the first query result, the cloud server authenticates the request message according to the authentication result stored in that authentication record;
further, the cloud authentication method also comprises:
the cloud server monitors the access permission information of the cloud resource; and
when the access permission information of the cloud resource changes, the cloud server deletes the corresponding authentication records according to the cloud resource information of the cloud resource.
2. The cloud authentication method as claimed in claim 1, characterized in that it further comprises:
the cloud server obtains, according to the authentication credential, the identity information of the user to whom the authentication credential belongs; and
the cloud server performs identity authentication on the request message according to the identity information.
3. The cloud authentication method as claimed in claim 2, characterized in that it further comprises:
the cloud server obtains the owner information of the cloud resource according to the cloud resource information; and
the cloud server performs resource permission authentication on the request message according to the owner information.
4. The cloud authentication method as claimed in claim 3, characterized in that the identity information of the user and the owner information are preferentially obtained from the data cached by the cloud server.
5. The cloud authentication method as claimed in claim 3, characterized in that it further comprises:
after authentication is completed, the authentication result is stored in an authentication record cached by the cloud server.
6. A cloud authentication system, characterized in that it comprises a client and a cloud server, wherein:
the client is configured to send a request message to the cloud server, wherein the request message comprises an authentication credential and the cloud resource information of the requested cloud resource;
the cloud server is configured to query the authentication records cached by the cloud server according to the authentication credential to obtain a first query result, to further query the authentication records within the first query result according to the cloud resource information, and, when an authentication record matching the request message is found in the first query result, to authenticate the request message according to the authentication result stored in that authentication record, wherein each authentication record comprises a primary key value, a secondary key value and an authentication result, the primary key value is related to the cloud resource information, and the secondary key value is related to the authentication credential;
wherein the cloud server is also configured to monitor the access permission information of the cloud resource and, when the access permission information of the cloud resource changes, to delete the corresponding authentication records according to the cloud resource information of the cloud resource.
7. The cloud authentication system as claimed in claim 6, characterized in that the cloud server is also configured to obtain, according to the authentication credential, the identity information of the user to whom the authentication credential belongs, and to perform identity authentication on the request message according to the identity information.
8. The cloud authentication system as claimed in claim 7, characterized in that the cloud server is also configured to obtain the owner information of the cloud resource according to the cloud resource information, and to perform resource permission authentication on the request message according to the owner information.
9. The cloud authentication system as claimed in claim 8, characterized in that the identity information of the user and the owner information are preferentially obtained from the data cached by the cloud server.
10. A cloud server, characterized in that it comprises:
a user interaction module, configured to receive a request message sent by a client, wherein the request message comprises an authentication credential and the cloud resource information of the requested cloud resource;
a storage module, configured to store authentication records, wherein each authentication record comprises a primary key value, a secondary key value and an authentication result, the primary key value is related to the cloud resource information, and the secondary key value is related to the authentication credential;
a query module, configured to query the authentication records cached by the cloud server according to the authentication credential to obtain a first query result, to further query the authentication records within the first query result according to the cloud resource information, and to determine whether an authentication record matching the request message is found in the first query result; and
an authentication module, configured to authenticate the request message according to the authentication result stored in the authentication record when an authentication record matching the request message is found in the first query result;
the cloud server also comprises:
a monitoring module, configured to monitor the access permission information of the cloud resource, wherein, when the access permission information of the cloud resource changes, the storage module deletes the corresponding authentication records according to the cloud resource information of the cloud resource.
11. The cloud server as claimed in claim 10, characterized in that the authentication module is also configured to obtain, according to the authentication credential, the identity information of the user to whom the authentication credential belongs, and to perform identity authentication on the request message according to the identity information.
12. The cloud server as claimed in claim 11, characterized in that the authentication module is also configured to obtain the owner information of the cloud resource according to the cloud resource information, and to perform resource permission authentication on the request message according to the owner information.
13. The cloud server as claimed in claim 12, characterized in that the identity information of the user and the owner information are preferentially obtained from the data cached by the cloud server.
CN201210515050.4A 2012-12-04 2012-12-04 A kind of cloud terminal authentication, system and device Active CN103107985B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210515050.4A CN103107985B (en) 2012-12-04 2012-12-04 A kind of cloud terminal authentication, system and device

Publications (2)

Publication Number Publication Date
CN103107985A CN103107985A (en) 2013-05-15
CN103107985B true CN103107985B (en) 2016-01-20

Family

ID=48315555

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant