CN106559383B - Login method and device for single sign-on - Google Patents
- Publication number
- CN106559383B, CN201510622362.9A
- Authority
- CN
- China
- Prior art keywords
- password
- login
- encryption mode
- login password
- user
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The invention discloses a login method and device for single sign-on, and relates to the field of communication technology. The main technical solution of the invention includes: receiving login request information sent by a single sign-on client, the login request information carrying a user ID, a login password and identification information of an application system; determining, according to the user ID and the identification information, whether a password encryption mode corresponding to the login password exists in a local user information base; if it is determined that no password encryption mode corresponding to the login password exists in the local user information base, determining the password encryption mode of the login password according to a preset encryption mode rule base, and encrypting the login password with the determined password encryption mode; verifying whether the encrypted login password is correct; and if the encrypted login password is correct, sending prompt information indicating a successful login to the single sign-on client. The invention is used for matching multiple password encryption modes in a single sign-on system.
Description
Technical field
The present invention relates to the field of communication technology, and in particular to a login method and device for single sign-on.
Background
Single sign-on (SSO) is one of the currently popular solutions for enterprise business integration. A single sign-on system contains multiple application systems, and a user only needs to log in once to access all mutually trusted application systems. The single sign-on system works as follows: when the user accesses application system 1 for the first time, the user is directed to the authentication system to log in; the server authenticates the user based on the login information provided and, if authentication passes, returns an authentication credential, a ticket, to the user; when the user accesses application system 2, the ticket is carried as the login credential, and application system 2 verifies the ticket and checks its validity; if verification succeeds, the user can access application system 2 without logging in again.
To keep accounts and passwords secure, each application system in a single sign-on system has a fixed encryption mode, but the password encryption mode differs from one application system to another. The single sign-on server records the encryption mode of each application system. When the password encryption mode of the application system being logged in to matches the one saved on the single sign-on server, the login succeeds. When an application system has changed its password encryption mode and the single sign-on server has not saved the new mode, the password encryption mode of the application system no longer matches the one saved on the single sign-on server, so the login password entered by the user does not match the login password saved on the single sign-on server and the user cannot log in to that application system. Logging in to application systems is therefore inflexible.
Summary of the invention
In view of this, the present invention provides a login method and device for single sign-on, whose main purpose is to solve the following problem: because the password encryption mode of the application system being logged in to is inconsistent with the one saved on the single sign-on server, the login password entered by the user is inconsistent with the login password saved on the single sign-on server, the user cannot log in to the application system, and the single sign-on system is therefore inflexible in logging in to application systems.
To solve the above problem, the present invention mainly provides the following technical solutions:
In one aspect, the present invention provides a login method for single sign-on, the method comprising:
receiving login request information sent by a single sign-on client, the login request information carrying a user ID, a login password and identification information of an application system, where the user ID is the user's unique identification information when performing single sign-on and the single sign-on client includes at least one application system;
determining, according to the user ID and the identification information, whether a password encryption mode corresponding to the login password exists in a local user information base;
if it is determined that no password encryption mode corresponding to the login password exists in the local user information base, determining the password encryption mode of the login password according to a preset encryption mode rule base, and encrypting the login password with the determined password encryption mode, where the preset encryption mode rule base includes rule information for known password encryption modes;
verifying whether the encrypted login password is correct;
if the encrypted login password is correct, sending prompt information indicating a successful login to the single sign-on client.
In another aspect, the present invention also provides a login device for single sign-on, the device comprising:
a receiving unit, configured to receive login request information sent by a single sign-on client, the login request information carrying a user ID, a login password and identification information of an application system, where the user ID is the user's unique identification information when performing single sign-on and the single sign-on client includes at least one application system;
a first determination unit, configured to determine, according to the user ID and the identification information received by the receiving unit, whether a password encryption mode corresponding to the login password exists in a local user information base;
a second determination unit, configured to determine the password encryption mode of the login password according to a preset encryption mode rule base when the first determination unit determines that no password encryption mode corresponding to the login password exists in the local user information base;
a first encryption unit, configured to encrypt the login password with the determined password encryption mode after the second determination unit determines the password encryption mode, where the preset encryption mode rule base includes rule information for known password encryption modes;
a verification unit, configured to verify whether the login password encrypted by the first encryption unit is correct;
a first sending unit, configured to send prompt information indicating a successful login to the single sign-on client when the verification unit verifies that the encrypted login password is correct.
With the above technical solutions, the technical solution provided by the present invention has at least the following advantages:
In the login method and device for single sign-on provided by the present invention, the single sign-on server receives login request information sent by the single sign-on client, the login request information carrying a user ID, a login password and identification information of an application system. Based on the received user ID and identification information, the server determines whether a password encryption mode corresponding to the login password exists in the local user information base. If it determines that no such password encryption mode exists in the local user information base, it determines the password encryption mode of the login password according to the preset encryption mode rule base, encrypts the login password with the determined password encryption mode, and verifies whether the encrypted login password is correct; if the encrypted login password is correct, it sends prompt information indicating a successful login to the single sign-on client. Compared with the prior art, the present invention first determines the encryption mode of the login password in the local user information base and encrypts the login password entered by the user with the determined encryption mode, which ensures that the encryption mode of the login password in the local user information base is consistent with the encryption mode applied to the login password entered by the user. That is, whichever login password encryption mode an application system uses, the single sign-on server can flexibly match the different login password encryption modes and verify the validity of the login password.
The above is only an overview of the technical solution of the present invention. So that the technical means of the invention can be understood more clearly and implemented in accordance with the specification, and so that the above and other objects, features and advantages of the invention are more readily apparent, specific embodiments of the invention are set out below.
Brief description of the drawings
Various other advantages and benefits will become clear to those of ordinary skill in the art from reading the following detailed description of the preferred embodiments. The drawings are only for the purpose of illustrating preferred embodiments and are not to be considered a limitation of the invention. Throughout the drawings, the same reference numbers refer to the same parts. In the drawings:
Fig. 1 shows a schematic diagram of a login method for single sign-on provided by an embodiment of the present invention;
Fig. 2 shows a schematic diagram of another login method for single sign-on provided by an embodiment of the present invention;
Fig. 3 shows a block diagram of a login device for single sign-on provided by an embodiment of the present invention;
Fig. 4 shows a block diagram of another login device for single sign-on provided by an embodiment of the present invention.
Detailed description of the embodiments
Exemplary embodiments of the present disclosure are described in more detail below with reference to the accompanying drawings. Although the drawings show exemplary embodiments of the disclosure, it should be understood that the disclosure may be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the disclosure can be understood more thoroughly and its scope can be fully conveyed to those skilled in the art.
An embodiment of the present invention provides a login method for single sign-on. The method is applied on the single sign-on server side and, as shown in Fig. 1, comprises:
101. Receive login request information sent by a single sign-on client, the login request information carrying a user ID, a login password and identification information of an application system.
A single sign-on system includes a single sign-on client and a single sign-on server. The single sign-on client includes at least one application system, and each application system has its own user ID; the user ID is the user's unique identification information when performing single sign-on. After the single sign-on system successfully verifies the user ID, the user ID can access the other application systems in the single sign-on client without logging in again.
When logging in to the single sign-on system, the single sign-on client sends login request information to the single sign-on server; the login request information carries the user ID, the login password and the identification information of the application system. After receiving the request information sent by the single sign-on client, the single sign-on server obtains the user ID, the login password and the identification information of the application system carried in the request information. This embodiment does not specifically limit the information carried in the request information.
102. Determine, according to the user ID and the identification information, whether a password encryption mode corresponding to the login password exists in the local user information base.
After a user ID is registered successfully, the single sign-on system saves the user ID and login password in the local user information base of the single sign-on system. The local user information base includes at least: user ID, login password, identification information of the application system, password encryption mode, login time, and so on. Note that in this embodiment each application system has a different password encryption mode, and the single sign-on system needs to obtain the password encryption mode of the login password before verifying the login password's validity. The login password saved in the local user information base is the encrypted login password, whereas the login password the user enters in the application system has not been encrypted. Therefore, when the single sign-on system verifies the login password entered by the user, it first obtains the encryption mode of the login password in the local information base, so that the login password entered by the user is encrypted with that encryption mode.
In this embodiment, the password encryption mode of the login password may be, but is not limited to, one of the following: the Data Encryption Algorithm (DEA), the message digest algorithm (Message-Digest Algorithm 5, MD5), the Secure Hash Algorithm (SHA), or the AES algorithm (Advanced Encryption Standard, AES). The embodiment does not limit the specific type of password encryption mode.
For example, Table 1 shows the local user information base provided by this embodiment. Table 1 is only an illustration; the embodiment does not specifically limit the user ID, the identification information of the application system, the login password, the encryption mode or other contents.
Table 1
103. If it is determined that no password encryption mode corresponding to the login password exists in the local user information base, determine the password encryption mode of the login password according to the preset encryption mode rule base, and encrypt the login password with the determined password encryption mode.
When step 102 determines that no password encryption mode corresponding to the login password exists in the local user information base, the single sign-on server obtains the login password saved in the local user information base, matches the obtained login password against the preset encryption mode rule base, and determines the encryption mode of that login password; it then encrypts the login password entered by the user with the determined password encryption mode. The preset encryption mode rule base includes rule information for known password encryption modes.
Note that the preset encryption mode rule base described in this embodiment is a configurable rule base. When an application system changes the encryption mode of its login passwords and the changed password encryption mode is not yet recorded in the preset encryption mode rule base, the changed password encryption mode can be configured into the preset encryption mode rule base.
104. Verify whether the encrypted login password is correct.
After the login password has been encrypted in step 103 with the determined password encryption mode, the single sign-on server compares the encrypted login password with the login password in the local user information base to verify whether the encrypted login password is correct.
105. If the encrypted login password is correct, send prompt information indicating a successful login to the single sign-on client.
When the encrypted login password is correct, the single sign-on server sends prompt information indicating a successful login to the single sign-on client. When the encrypted login password is incorrect, the single sign-on server sends prompt information indicating a failed login to the single sign-on client, or sends prompt information indicating that the login password is wrong. This embodiment does not specifically limit the content of the prompt information that the single sign-on server sends to the single sign-on client.
In the login method for single sign-on provided by this embodiment, the single sign-on server receives login request information sent by the single sign-on client, the login request information carrying a user ID, a login password and identification information of an application system. Based on the received user ID and identification information, the server determines whether a password encryption mode corresponding to the login password exists in the local user information base. If it determines that no such password encryption mode exists in the local user information base, it determines the password encryption mode of the login password according to the preset encryption mode rule base, encrypts the login password with the determined password encryption mode, and verifies whether the encrypted login password is correct; if the encrypted login password is correct, it sends prompt information indicating a successful login to the single sign-on client. Compared with the prior art, this embodiment first determines the encryption mode of the login password in the local user information base and encrypts the login password entered by the user with the determined encryption mode, which ensures that the encryption mode of the login password in the local user information base is consistent with the encryption mode applied to the login password entered by the user. That is, whichever login password encryption mode an application system uses, the single sign-on server can flexibly match the different login password encryption modes and verify the validity of the login password.
Further, before the password encryption mode of the login password is determined according to the preset encryption mode rule base, the preset encryption mode rule base is created; it records information on all password encryption modes. For example, when the encryption mode is DES, the information recorded in the rule base is that the DES key length is 56 bits; when the encryption mode is MD5, the information recorded is that a character string of arbitrary length is converted into a fixed-length hexadecimal digit string. In this embodiment, the information on password encryption modes recorded in the preset encryption mode rule base may use any description available in the prior art, and is not repeated here.
As one implementation of this embodiment, when the preset encryption mode rule base is created, a matching regular expression is defined for each password encryption mode. A regular expression uses a single string to describe and match a set of strings that conform to the rule of the password encryption mode, so that when the single sign-on server determines that no encryption mode is recorded for the login password in the local user information base, it can quickly determine the encryption mode of the login password in the local user information base from the defined regular expressions. For example, when the encryption mode is MD5, the corresponding regular expression is "[a-fA-F0-9]{32,32}".
Further, as a refinement and extension of the above embodiment, when step 103 determines the password encryption mode of the login password according to the preset encryption mode rule base, a login password string is obtained according to the user ID and the identification information of the application system; the login password string is the character string corresponding to the encrypted login password stored in the local user information base. The preset encryption mode rule base is matched against the login password string to determine the password encryption mode corresponding to that string. For example, suppose the user ID received by the single sign-on server is zhangsan and the user is logging in to application system II. Based on zhangsan and application system II, the single sign-on server traverses the local user information base, obtains the login password string corresponding to zhangsan and application system II, matches that string against the preset encryption mode rule base using the regular expressions, and determines that the password encryption mode of application system II is MD5. The above is only an illustration; in practice, the specifics involved in determining the password encryption mode of the login password according to the preset encryption mode rule base are defined according to the actual situation.
Further, determining according to the user ID and the identification information whether a password encryption mode corresponding to the login password exists in the local user information base includes: obtaining the user ID and the identification information of the application system, traversing the local user information base based on the user ID and the identification information of the application system, and determining whether a password encryption mode corresponding to the login password exists in the local user information base. When it is determined that a password encryption mode corresponding to the login password exists in the local user information base, the login password is encrypted based on that password encryption mode; when it is determined that no password encryption mode corresponding to the login password exists in the local user information base, the determination of the password encryption mode of the login password according to the preset encryption mode rule base in step 103 is performed.
Further, verifying whether the encrypted login password is correct specifically means verifying whether the encrypted login password is consistent with the login password string in the local user information base. If the encrypted login password is consistent with the login password string, prompt information indicating a successful login is sent to the single sign-on client; if they are inconsistent, prompt information indicating a failed login is sent to the single sign-on client. For example, suppose the user ID is zhangsan, the login password entered by the user is dev, and the password encryption mode of the application system being logged in to is MD5. The single sign-on server encrypts the login password with MD5, and the encrypted login password is the character string E77989ED21758E78331B20E477FC5582. The encrypted login password is compared with the login password string in the local user information base. If the comparison result is consistent, the single sign-on server sends prompt information indicating a successful login to the single sign-on client; if the comparison result is inconsistent, the single sign-on server sends the single sign-on client prompt information indicating that the login failed and asking the user to re-enter the login password.
Further, the single sign-on login process is summarized below. An embodiment of the present invention provides another login method for single sign-on which, as shown in Fig. 2, comprises:
201. Create the preset encryption mode rule base.
202. Receive login request information sent by a single sign-on client, the login request information carrying a user ID, a login password and identification information of an application system.
203. Determine, according to the user ID and the identification information, whether a password encryption mode corresponding to the login password exists in the local user information base.
If it is determined that no password encryption mode corresponding to the login password exists in the local user information base, perform step 204; if it is determined that a password encryption mode corresponding to the login password exists in the local user information base, perform step 205.
204. Determine the password encryption mode of the login password according to the preset encryption mode rule base, and encrypt the login password with the determined password encryption mode.
205. Encrypt the login password based on the password encryption mode.
206. Verify whether the encrypted login password is correct.
If the encrypted login password is correct, perform step 207; if the encrypted login password is incorrect, perform step 208.
207. Send prompt information indicating a successful login to the single sign-on client.
208. Send prompt information indicating a failed login to the single sign-on client.
For a detailed description of steps 201 to 208 in Fig. 2, refer to the related description above; it is not repeated here.
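The flow of steps 201 to 208 can be sketched as follows; this is an added example, not code from the patent. It matches the rule-base pattern against the whole stored string, since a longer hex digest would otherwise also satisfy the 32-character MD5 rule, and it compares digests in constant time. Only the MD5 pattern comes from the text above; the SHA-1 and SHA-256 rules, the store layout, the function names and the sample records are assumptions constructed for illustration.

```python
import hashlib
import hmac
import re

# Step 201: the rule base. Each rule pairs a scheme name with a regular
# expression for the stored password string and the function that produces it.
# The MD5 pattern is the one quoted in the text; the SHA-1 and SHA-256 rules
# are assumptions added for illustration.
RULE_BASE = {
    "MD5": (re.compile(r"[a-fA-F0-9]{32,32}"), hashlib.md5),
    "SHA-1": (re.compile(r"[a-fA-F0-9]{40}"), hashlib.sha1),
    "SHA-256": (re.compile(r"[a-fA-F0-9]{64}"), hashlib.sha256),
}


def detect_scheme(stored):
    """Step 204: infer the scheme from the stored password string.

    fullmatch() anchors the pattern at both ends. An unanchored search would
    let a 64-character SHA-256 digest satisfy the 32-character MD5 rule.
    """
    for name, (pattern, _) in RULE_BASE.items():
        if pattern.fullmatch(stored):
            return name
    return None


def login(store, user_id, app_id, password):
    """Steps 202 to 208. Returns (success, scheme_used)."""
    record = store.get((user_id, app_id))
    if record is None:
        return (False, None)  # unknown user/application pair

    # Step 203: use the recorded scheme if there is one, otherwise step 204.
    scheme = record.get("scheme") or detect_scheme(record["password"])
    if scheme not in RULE_BASE:
        return (False, scheme)  # no rule applies: fail closed

    # Steps 204/205: process the submitted password with that scheme.
    _, hash_fn = RULE_BASE[scheme]
    candidate = hash_fn(password.encode("utf-8")).hexdigest()

    # Step 206: compare case-insensitively (the text shows upper-case hex)
    # and in constant time.
    stored = record["password"].lower().encode("utf-8")
    ok = hmac.compare_digest(candidate.encode("utf-8"), stored)
    return (ok, scheme)  # step 207 if ok, step 208 otherwise


def sample_store():
    """Constructed sample records keyed by (user ID, application ID)."""
    return {
        # No scheme recorded: the rule base has to identify it.
        ("zhangsan", "app2"): {
            "password": hashlib.md5(b"dev").hexdigest().upper(),
            "scheme": None,
        },
        # Scheme recorded: the rule base is not consulted.
        ("lisi", "app1"): {
            "password": hashlib.sha256(b"s3cret").hexdigest(),
            "scheme": "SHA-256",
        },
        # Stored string matches no rule.
        ("wangwu", "app3"): {"password": "not-a-hex-digest", "scheme": None},
    }


if __name__ == "__main__":
    store = sample_store()
    for user, app, pw in [("zhangsan", "app2", "dev"),
                          ("zhangsan", "app2", "wrong"),
                          ("lisi", "app1", "s3cret"),
                          ("wangwu", "app3", "anything")]:
        print(user, app, login(store, user, app, pw))
```

Matching on length and alphabet cannot tell apart two algorithms with the same output length, so each rule in the base has to be unambiguous for the schemes actually deployed.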
Further, as an implementation of the method shown in Fig. 1, an embodiment of the present invention provides a login device for single sign-on. As shown in Fig. 3, the device comprises:
a receiving unit 31, configured to receive login request information sent by a single sign-on client, the login request information carrying a user ID, a login password and identification information of an application system, where the user ID is the user's unique identification information when performing single sign-on and the single sign-on client includes at least one application system;
a first determination unit 32, configured to determine, according to the user ID and the identification information received by the receiving unit 31, whether a password encryption mode corresponding to the login password exists in the local user information base;
a second determination unit 33, configured to determine the password encryption mode of the login password according to the preset encryption mode rule base when the first determination unit 32 determines that no password encryption mode corresponding to the login password exists in the local user information base;
a first encryption unit 34, configured to encrypt the login password with the determined password encryption mode after the second determination unit 33 determines the password encryption mode, where the preset encryption mode rule base includes rule information for known password encryption modes;
a verification unit 35, configured to verify whether the login password encrypted by the first encryption unit 34 is correct;
a first sending unit 36, configured to send prompt information indicating a successful login to the single sign-on client when the verification unit 35 verifies that the encrypted login password is correct.
Further, as shown in Fig. 4, the second determination unit 33 includes:
an obtaining module 331, configured to obtain a login password string according to the user ID and the identification information, the login password string being the character string corresponding to the encrypted login password stored in the local user information base;
a matching module 332, configured to match the preset encryption mode rule base against the login password string obtained by the obtaining module 331;
a determining module 333, configured to determine the password encryption mode corresponding to the login password string after the matching module 332 has matched the preset encryption mode rule base against the login password string.
Further, as shown in Fig. 4, the device further includes:
a creating unit 37, configured to create the preset encryption mode rule base before the second determination unit 33 determines the password encryption mode of the login password according to the preset encryption mode rule base.
Further, as shown in Figure 4, the first determination unit 32 includes:
An obtaining module 321, configured to obtain the User ID and the identification information;
A traversal module 322, configured to traverse the local user information database based on the User ID and the identification information obtained by the obtaining module 321;
A determining module 323, configured to determine, after the traversal module 322 has traversed the local user information database based on the User ID and the identification information, whether a password encryption mode corresponding to the login password exists in the local user information database.
Further, as shown in Figure 4, the device further includes:
A second encryption unit 38, configured to encrypt the login password based on the password encryption mode when the first determination unit 32 determines that a password encryption mode corresponding to the login password exists in the local user information database.
Further, as shown in Figure 4, the device further includes:
A second transmission unit 39, configured to send prompt information indicating login failure to the single sign-on client when the authentication unit 35 verifies that the encrypted login password is incorrect.
Further, the authentication unit 35 is also configured to verify whether the encrypted login password is consistent with the login password string;
The first transmission unit 36 is also configured to send prompt information indicating successful login to the single sign-on client when the authentication unit 35 verifies that the encrypted login password is consistent with the login password string.
Further, the second transmission unit 39 is also configured to send prompt information indicating login failure to the single sign-on client when the authentication unit 35 verifies that the encrypted login password is inconsistent with the login password string.
In the single sign-on login device provided by this embodiment of the invention, the single sign-on server receives the login request information sent by the single sign-on client, the login request information carrying the User ID, the login password and the identification information of the application system. Based on the received User ID and identification information, the server determines whether a password encryption mode corresponding to the login password exists in the local user information database. If it determines that no such password encryption mode exists in the local user information database, it determines the password encryption mode of the login password according to the preset encryption mode rule base, encrypts the login password with the determined password encryption mode, and verifies whether the encrypted login password is correct; if the encrypted login password is correct, it sends prompt information indicating successful login to the single sign-on client. Compared with the prior art, this embodiment first determines the encryption mode of the login password in the local user information database and then encrypts the login password entered by the user with that mode. This ensures that the encryption mode of the login password in the local user information database is consistent with the encryption mode applied to the login password entered by the user; that is, regardless of which login password encryption mode the application system uses, the single sign-on server can flexibly match different login password encryption modes and verify the legitimacy of the login password.
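The flow summarized above, sketched as an added example that is not code from the patent: the hash schemes, rule patterns, user records and function names are all assumptions chosen for illustration, and "encryption" is modelled as password hashing.

```python
import hashlib
import hmac
import re

# Constructed rule base: (mode name, pattern the *stored* string must match).
# The modes and formats are assumptions; the patent only says the rule base
# holds rule information for known password encryption modes.
RULE_BASE = [
    ("pbkdf2_sha256",
     re.compile(r"^pbkdf2_sha256\$[1-9]\d{0,6}\$(?:[0-9a-f]{2})+\$[0-9a-f]{64}$")),
    ("sha256", re.compile(r"^[0-9a-f]{64}$")),
    ("sha1", re.compile(r"^[0-9a-f]{40}$")),
    ("md5", re.compile(r"^[0-9a-f]{32}$")),
]


def determine_mode(stored):
    """Match the stored login password string against the rule base."""
    for mode, pattern in RULE_BASE:
        if pattern.match(stored):
            return mode
    return None  # unknown format: the caller must fail closed


def encrypt(mode, password, stored):
    """Re-create the stored representation from the submitted password."""
    pw = password.encode("utf-8")
    if mode in ("md5", "sha1", "sha256"):
        return hashlib.new(mode, pw).hexdigest()
    if mode == "pbkdf2_sha256":
        # Salt and iteration count are read back from the stored string.
        _, rounds, salt_hex, _ = stored.split("$")
        dk = hashlib.pbkdf2_hmac("sha256", pw, bytes.fromhex(salt_hex), int(rounds))
        return f"pbkdf2_sha256${rounds}${salt_hex}${dk.hex()}"
    raise ValueError(f"unsupported mode: {mode}")


# Constructed local user information database, keyed by (User ID, application ID).
# "mode" is None when no encryption mode is recorded for that application.
USER_DB = {
    ("alice", "crm"): {"mode": None,
                       "stored": hashlib.sha256(b"correct horse").hexdigest()},
    ("bob", "wiki"): {"mode": "md5",
                      "stored": hashlib.md5(b"hunter2").hexdigest()},
    ("carol", "erp"): {"mode": None,
                       "stored": encrypt("pbkdf2_sha256", "tr0ub4dor",
                                         "pbkdf2_sha256$1000$00112233$")},
    ("dave", "hr"): {"mode": None, "stored": "!!not-a-known-format!!"},
}


def login(user_id, password, app_id):
    """Return True only if the submitted password reproduces the stored string."""
    record = USER_DB.get((user_id, app_id))
    if record is None:
        return False
    # Use the recorded mode if present, otherwise infer it from the rule base.
    mode = record["mode"] or determine_mode(record["stored"])
    if mode is None:
        return False  # no rule matched: reject rather than guess
    candidate = encrypt(mode, password, record["stored"])
    # Constant-time comparison of the two representations.
    return hmac.compare_digest(candidate.encode(), record["stored"].encode())
```

Format matching cannot distinguish two schemes whose outputs have the same shape, so rule order and the fail-closed default for unmatched strings decide what the server accepts.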
In the above embodiments, the description of each embodiment has its own emphasis; for parts not described in detail in one embodiment, refer to the related descriptions of the other embodiments.
It should be understood that related features in the above method and device may be cross-referenced. In addition, "first", "second" and the like in the above embodiments are used to distinguish the embodiments and do not represent the superiority or inferiority of any embodiment.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the systems, devices and units described above may refer to the corresponding processes in the foregoing method embodiments and are not repeated here.
The algorithms and displays provided herein are not inherently related to any particular computer, virtual system or other device. Various general-purpose systems may also be used with the teachings herein. From the description above, the structure required to construct such a system is obvious. Moreover, the present invention is not directed to any particular programming language. It should be understood that the content of the invention described herein may be implemented in various programming languages, and that the description of a specific language above is given to disclose the best mode of the invention.
Numerous specific details are set forth in the description provided here. It is to be understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques are not shown in detail so as not to obscure the understanding of this description.
Similarly, it should be understood that, in order to streamline the disclosure and aid understanding of one or more of the various inventive aspects, in the above description of exemplary embodiments of the invention the features of the invention are sometimes grouped together into a single embodiment, figure, or description thereof. However, this method of disclosure should not be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in fewer than all features of a single embodiment disclosed above. Therefore, the claims following the detailed description are hereby expressly incorporated into that detailed description, with each claim standing on its own as a separate embodiment of the invention.
Those skilled in the art will understand that the modules in the device of an embodiment may be adaptively changed and arranged in one or more devices different from that embodiment. The modules or units or components of an embodiment may be combined into one module or unit or component, and they may furthermore be divided into multiple sub-modules or sub-units or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings) and all processes or units of any method or device so disclosed may be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) may be replaced by an alternative feature serving the same, equivalent or similar purpose.
In addition, those skilled in the art will understand that, although some embodiments described herein include certain features included in other embodiments and not others, combinations of features of different embodiments are meant to be within the scope of the invention and to form different embodiments. For example, in the following claims, any one of the claimed embodiments may be used in any combination.
The various component embodiments of the invention may be implemented in hardware, in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will understand that a microprocessor or digital signal processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components of the single sign-on login method and device according to embodiments of the invention. The invention may also be implemented as a device or device program (for example, a computer program and a computer program product) for performing part or all of the method described herein. Such a program implementing the invention may be stored on a computer-readable medium or may take the form of one or more signals. Such a signal may be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
It should be noted that the above embodiments illustrate rather than limit the invention, and that those skilled in the art can design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference sign placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a unit claim enumerating several devices, several of these devices may be embodied by one and the same item of hardware. The use of the words first, second and third does not indicate any order; these words may be interpreted as names.
Claims (12)
1. A login method for single sign-on, characterized by comprising:
Receiving login request information sent by a single sign-on client, the login request information carrying a User ID, a login password and identification information of an application system, wherein the User ID is the unique identification information of the user when performing single sign-on, and the single sign-on client includes at least one application system;
Determining, according to the User ID and the identification information, whether a password encryption mode corresponding to the login password exists in a local user information database;
If it is determined that no password encryption mode corresponding to the login password exists in the local user information database, determining the password encryption mode of the login password according to a preset encryption mode rule base, and encrypting the login password with the determined password encryption mode; wherein the preset encryption mode rule base includes rule information of known password encryption modes;
Verifying whether the encrypted login password is correct;
If the encrypted login password is correct, sending prompt information indicating successful login to the single sign-on client.
2. The method according to claim 1, characterized in that determining the password encryption mode of the login password according to the preset encryption mode rule base comprises:
Obtaining a login password string according to the User ID and the identification information, the login password string being the string corresponding to the encrypted login password stored in the local user information database;
Matching the login password string against the preset encryption mode rule base, and determining the password encryption mode corresponding to the login password string.
3. The method according to claim 2, characterized in that, before determining the password encryption mode of the login password according to the preset encryption mode rule base, the method further comprises:
Creating the preset encryption mode rule base.
4. The method according to claim 3, characterized in that determining, according to the User ID and the identification information, whether a password encryption mode corresponding to the login password exists in the local user information database comprises:
Obtaining the User ID and the identification information;
Traversing the local user information database based on the User ID and the identification information, and determining whether a password encryption mode corresponding to the login password exists in the local user information database.
5. The method according to any one of claims 1-4, characterized in that the method further comprises:
If it is determined that a password encryption mode corresponding to the login password exists in the local user information database, encrypting the login password based on that password encryption mode.
6. The method according to claim 2, characterized in that verifying whether the encrypted login password is correct comprises:
Verifying whether the encrypted login password is consistent with the login password string.
7. A login device for single sign-on, characterized by comprising:
A receiving unit, configured to receive login request information sent by a single sign-on client, the login request information carrying a User ID, a login password and identification information of an application system, wherein the User ID is the unique identification information of the user when performing single sign-on, and the single sign-on client includes at least one application system;
A first determination unit, configured to determine, according to the User ID and the identification information received by the receiving unit, whether a password encryption mode corresponding to the login password exists in a local user information database;
A second determination unit, configured to determine the password encryption mode of the login password according to a preset encryption mode rule base when the first determination unit determines that no password encryption mode corresponding to the login password exists in the local user information database;
A first encryption unit, configured to encrypt the login password with the determined password encryption mode after the second determination unit determines the password encryption mode; wherein the preset encryption mode rule base includes rule information of known password encryption modes;
An authentication unit, configured to verify whether the login password encrypted by the first encryption unit is correct;
A first transmission unit, configured to send prompt information indicating successful login to the single sign-on client when the authentication unit verifies that the encrypted login password is correct.
8. The device according to claim 7, characterized in that the second determination unit includes:
An obtaining module, configured to obtain a login password string according to the User ID and the identification information, the login password string being the string corresponding to the encrypted login password stored in the local user information database;
A matching module, configured to match the login password string obtained by the obtaining module against the preset encryption mode rule base;
A determining module, configured to determine the password encryption mode corresponding to the login password string after the matching module has matched the login password string against the preset encryption mode rule base.
9. The device according to claim 8, characterized in that the device further includes:
A creating unit, configured to create the preset encryption mode rule base before the second determination unit determines the password encryption mode of the login password according to the preset encryption mode rule base.
10. The device according to any one of claims 7-9, characterized in that the device further includes:
A second encryption unit, configured to encrypt the login password based on the password encryption mode when the first determination unit determines that a password encryption mode corresponding to the login password exists in the local user information database.
11. A storage medium, characterized in that the storage medium includes a stored program, wherein, when the program runs, the device where the storage medium is located is controlled to perform the single sign-on login method of any one of claims 1 to 6.
12. A processor, characterized in that the processor is configured to run a program, wherein the program, when run, performs the single sign-on login method of any one of claims 1 to 6.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510622362.9A CN106559383B (en) | 2015-09-25 | 2015-09-25 | The login method and device of single-sign-on |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510622362.9A CN106559383B (en) | 2015-09-25 | 2015-09-25 | The login method and device of single-sign-on |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106559383A CN106559383A (en) | 2017-04-05 |
CN106559383B true CN106559383B (en) | 2019-06-25 |
Family
ID=58414579
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510622362.9A Active CN106559383B (en) | 2015-09-25 | 2015-09-25 | The login method and device of single-sign-on |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106559383B (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111901355B (en) * | 2020-08-04 | 2022-09-16 | 北京天融信网络安全技术有限公司 | Authentication method and device |
CN113742676B (en) * | 2021-09-13 | 2024-04-19 | 北京锐安科技有限公司 | Login management method, login management device, login management server, login management system and storage medium |
CN115250204B (en) * | 2022-09-22 | 2022-12-09 | 四川蜀天信息技术有限公司 | Method and system for centralized processing login authentication |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080250388A1 (en) * | 2006-09-22 | 2008-10-09 | Bea Systems, Inc. | Pagelets in adaptive tags |
CN102946384B (en) * | 2012-10-24 | 2016-10-05 | 北京奇虎科技有限公司 | User authentication method and equipment |
CN104283853B (en) * | 2013-07-08 | 2018-04-10 | 华为技术有限公司 | A kind of method, terminal device and network equipment for improving Information Security |
CN103731475B (en) * | 2013-12-06 | 2018-03-30 | 中国科学院深圳先进技术研究院 | A kind of data protection system |
CN103685282B (en) * | 2013-12-18 | 2016-08-24 | 飞天诚信科技股份有限公司 | A kind of identity identifying method based on single-sign-on |
Also Published As
Publication number | Publication date |
---|---|
CN106559383A (en) | 2017-04-05 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
AU2019275598B2 (en) | Systems and methods for authenticating an online user using a secure authorizaton server | |
CN108023874B (en) | Single sign-on verification device and method and computer readable storage medium | |
Li et al. | The {Emperor’s} new password manager: Security analysis of web-based password managers | |
CN105007280B (en) | A kind of application login method and device | |
EP3320523B1 (en) | Method and device for authentication using dynamic passwords | |
US11539690B2 (en) | Authentication system, authentication method, and application providing method | |
US9843578B2 (en) | Mobile security fob | |
US8769637B2 (en) | Iterated password hash systems and methods for preserving password entropy | |
US8438383B2 (en) | User authentication system | |
US20150341356A1 (en) | Login method and apparatus | |
US20140325623A1 (en) | Authentication manager | |
JP2017503254A (en) | Method and system for determining whether a terminal logged into a website is a mobile terminal | |
CN106685973B (en) | Remember method and device, log-in control method and the device of log-on message | |
US20080263361A1 (en) | Cryptographically strong key derivation using password, audio-visual and mental means | |
US20200364323A1 (en) | Secure generation and verification of machine-readable visual codes | |
CN108900471A (en) | It is used for transmission server, client, network system and the method for data | |
US20120036565A1 (en) | Personal data protection suite | |
US9747434B1 (en) | Authenticating with an external device by providing a message having message fields arranged in a particular message field order | |
CN105099707B (en) | A kind of offline authentication method, server and system | |
CN109618341A (en) | A kind of digital signature authentication method, system, device and storage medium | |
WO2014048749A1 (en) | Inter-domain single sign-on | |
CN106302453A (en) | The processing method of data, Apparatus and system | |
KR102137122B1 (en) | Security check method, device, terminal and server | |
CN109388937B (en) | Single sign-on method and sign-on system for multi-factor identity authentication | |
WO2015043787A1 (en) | Method and system for authenticating a user of a device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
CB02 | Change of applicant information | Address after: 100083 No. 401, 4th Floor, Haitai Building, 229 North Fourth Ring Road, Haidian District, Beijing. Applicant after: Beijing Guoshuang Technology Co.,Ltd. Address before: 100086 Cuigong Hotel, 76 Zhichun Road, Shuangyushu District, Haidian District, Beijing. Applicant before: Beijing Guoshuang Technology Co.,Ltd. ||
GR01 | Patent grant | ||