CN106559383B - The login method and device of single-sign-on - Google Patents

Publication number
CN106559383B
Authority
CN
China
Prior art keywords
password
login
encryption mode
login password
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510622362.9A
Other languages
Chinese (zh)
Other versions
CN106559383A (en
Inventor
张鹏霄
陈改静
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Gridsum Technology Co Ltd
Original Assignee
Beijing Gridsum Technology Co Ltd
Application filed by Beijing Gridsum Technology Co Ltd
Priority to CN201510622362.9A
Publication of CN106559383A
Application granted
Publication of CN106559383B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815: Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention discloses a login method and device for single sign-on, relating to the field of communication technology. The main technical solution of the invention includes: receiving login request information sent by a single sign-on client, the login request information carrying a User ID, a login password, and identification information of an application system; determining, according to the User ID and the identification information, whether a password encryption mode corresponding to the login password exists in a local user information database; if it is determined that no password encryption mode corresponding to the login password exists in the local user information database, determining the password encryption mode of the login password according to a preset encryption mode rule base, and encrypting the login password with the determined password encryption mode; verifying whether the encrypted login password is correct; and, if the encrypted login password is correct, sending a login-success prompt to the single sign-on client. The invention is used in the process of matching multiple password encryption modes in a single sign-on system.

Description

Login method and device for single sign-on
Technical field
The present invention relates to the field of communication technology, and in particular to a login method and device for single sign-on.
Background art
Single sign-on (SSO) is currently one of the popular solutions for enterprise business integration. A single sign-on system contains multiple application systems, and a user only needs to log in once to access all mutually trusted application systems. The single sign-on system works as follows: when the user accesses application system 1 for the first time, the user is directed to the authentication system to log in; the server authenticates the user according to the login information the user provides and, if authentication passes, returns an authentication credential, a ticket, to the user; when the user accesses application system 2, the user carries the ticket as the login credential, application system 2 verifies the ticket and checks its legitimacy, and if verification succeeds the user can access application system 2 without logging in again.
To ensure account and password security, each application system in a single sign-on system has a fixed encryption mode, but the password encryption mode differs between application systems. The single sign-on server records the encryption mode corresponding to each application system. When the password encryption mode of the application system being logged in to is consistent with the one saved on the single sign-on server, login to the application system succeeds. When an application system in the single sign-on system has replaced its password encryption mode and the single sign-on server has not saved the replaced mode, the two are inconsistent, so the login password the user enters does not match the login password saved on the single sign-on server and the user cannot log in to that application system. Flexibility in logging in to application systems is therefore low.
Summary of the invention
In view of this, the present invention provides a login method and device for single sign-on. Its main purpose is to solve the following problem: because the password encryption mode of the application system being logged in to is inconsistent with the password encryption mode saved on the single sign-on server, the login password the user enters does not match the login password saved on the single sign-on server, the user cannot log in to the application system, and the single sign-on system therefore offers low flexibility in logging in to application systems.
To solve the above problem, the present invention mainly provides the following technical solutions:
In one aspect, the present invention provides a login method for single sign-on, the method comprising:
receiving login request information sent by a single sign-on client, the login request information carrying a User ID, a login password, and identification information of an application system, where the User ID is the user's unique identification information when executing single sign-on and the single sign-on client includes at least one application system;
determining, according to the User ID and the identification information, whether a password encryption mode corresponding to the login password exists in a local user information database;
if it is determined that no password encryption mode corresponding to the login password exists in the local user information database, determining the password encryption mode of the login password according to a preset encryption mode rule base, and encrypting the login password with the determined password encryption mode, where the preset encryption mode rule base includes rule information for known password encryption modes;
verifying whether the encrypted login password is correct;
if the encrypted login password is correct, sending a login-success prompt to the single sign-on client.
In another aspect, the present invention also provides a login device for single sign-on, the device comprising:
a receiving unit, configured to receive login request information sent by a single sign-on client, the login request information carrying a User ID, a login password, and identification information of an application system, where the User ID is the user's unique identification information when executing single sign-on and the single sign-on client includes at least one application system;
a first determination unit, configured to determine, according to the User ID and the identification information received by the receiving unit, whether a password encryption mode corresponding to the login password exists in a local user information database;
a second determination unit, configured to determine the password encryption mode of the login password according to a preset encryption mode rule base when the first determination unit determines that no password encryption mode corresponding to the login password exists in the local user information database;
a first encryption unit, configured to encrypt the login password with the determined password encryption mode after the second determination unit determines the password encryption mode, where the preset encryption mode rule base includes rule information for known password encryption modes;
a verification unit, configured to verify whether the login password encrypted by the first encryption unit is correct;
a first sending unit, configured to send a login-success prompt to the single sign-on client when the verification unit verifies that the encrypted login password is correct.
With the above technical solution, the technical solution provided by the present invention has at least the following advantages:
In the login method and device for single sign-on provided by the present invention, the single sign-on server receives login request information sent by the single sign-on client, the login request information carrying a User ID, a login password, and identification information of an application system. According to the received User ID and identification information, the server determines whether a password encryption mode corresponding to the login password exists in the local user information database. If no such password encryption mode exists in the local user information database, the server determines the password encryption mode of the login password according to the preset encryption mode rule base, encrypts the login password with the determined password encryption mode, and verifies whether the encrypted login password is correct. If the encrypted login password is correct, the server sends a login-success prompt to the single sign-on client. Compared with the prior art, the present invention first determines the encryption mode of the login password in the local user information database and then encrypts the login password entered by the user with the determined encryption mode, ensuring that the login password encryption mode in the local user information database is consistent with the encryption mode applied to the login password the user enters. That is, whichever login password encryption mode an application system uses, the single sign-on server can flexibly match the different login password encryption modes and verify the legitimacy of the login password.
The above is only an overview of the technical solution of the present invention. So that the technical means of the present invention can be understood more clearly and implemented in accordance with the contents of the specification, and so that the above and other objects, features and advantages of the present invention are easier to understand, specific embodiments of the present invention are set out below.
Brief description of the drawings
Various other advantages and benefits will become clear to those of ordinary skill in the art on reading the following detailed description of the preferred embodiments. The drawings serve only to illustrate the preferred embodiments and are not to be considered a limitation of the present invention. Throughout the drawings, the same reference numbers refer to the same parts. In the drawings:
Fig. 1 shows a schematic diagram of a login method for single sign-on provided by an embodiment of the present invention;
Fig. 2 shows a schematic diagram of another login method for single sign-on provided by an embodiment of the present invention;
Fig. 3 shows a block diagram of a login device for single sign-on provided by an embodiment of the present invention;
Fig. 4 shows a block diagram of another login device for single sign-on provided by an embodiment of the present invention.
Detailed description of the embodiments
Exemplary embodiments of the present disclosure are described in more detail below with reference to the accompanying drawings. Although the drawings show exemplary embodiments of the disclosure, it should be understood that the disclosure may be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the present invention can be understood more thoroughly and so that the scope of the disclosure can be fully conveyed to those skilled in the art.
An embodiment of the present invention provides a login method for single sign-on. The method is applied on the single sign-on server side and, as shown in Fig. 1, comprises:
101. Receive login request information sent by the single sign-on client, the login request information carrying a User ID, a login password, and identification information of an application system.
A single sign-on system includes a single sign-on client and a single sign-on server. The single sign-on client includes at least one application system, and each application system has its own User ID, which is the user's unique identification information when executing single sign-on. After the single sign-on system verifies the User ID successfully, the user can access the other application systems in the single sign-on client without logging in again.
When logging in to the single sign-on system, the single sign-on client sends login request information to the single sign-on server, carrying a User ID, a login password, and identification information of an application system. After receiving the request information sent by the single sign-on client, the single sign-on server obtains the User ID, login password, and application system identification information carried in it. The embodiment of the present invention does not specifically limit the information carried in the request information.
102. Determine, according to the User ID and the identification information, whether a password encryption mode corresponding to the login password exists in the local user information database.
After a User ID is registered successfully, the single sign-on system saves the User ID and login password in its local user information database. The local user information database includes at least: User ID, login password, application system identification information, password encryption mode, login time, and so on. It should be noted that, in the embodiment of the present invention, each application system has a different password encryption mode, and the single sign-on system needs to obtain the password encryption mode of the login password before verifying the legitimacy of the login password. The login password saved in the local user information database is the login password after encryption, whereas the login password the user enters in the application system has not been encrypted. Therefore, when the single sign-on system verifies the login password entered by the user, it first obtains the encryption mode of the login password in the local information database, so that the login password entered by the user is encrypted using that same encryption mode.
In the embodiment of the present invention, the password encryption mode of the login password may be, but is not limited to, one of the following: the Data Encryption Algorithm (DEA), the message digest algorithm (Message-Digest Algorithm 5, MD5), the Secure Hash Algorithm (SHA), or the Advanced Encryption Standard (AES) algorithm. The embodiment of the present invention does not limit the specific type of password encryption mode.
For example, Table 1 shows a local user information database provided by an embodiment of the present invention. Table 1 is illustrative only; the embodiment of the present invention does not specifically limit the content of the User ID, application system identification information, login password, encryption mode, and so on.
Table 1
103. If it is determined that no password encryption mode corresponding to the login password exists in the local user information database, determine the password encryption mode of the login password according to the preset encryption mode rule base, and encrypt the login password with the determined password encryption mode.
When step 102 determines that no password encryption mode corresponding to the login password exists in the local user information database, the single sign-on server obtains the login password saved in the local user information database, matches the obtained login password against the preset encryption mode rule base, and determines the encryption mode of the login password; it then encrypts the login password entered by the user with the determined password encryption mode. The preset encryption mode rule base includes rule information for known password encryption modes.
It should be noted that the preset encryption mode rule base described in the embodiment of the present invention is a configurable rule base. When an application system changes the encryption mode of the login password and the changed password encryption mode has not been recorded in the preset encryption mode rule base, the changed password encryption mode can be configured into the preset encryption mode rule base.
104. Verify whether the encrypted login password is correct.
After step 103 encrypts the login password with the determined password encryption mode, the single sign-on server compares the encrypted login password with the login password in the local user information database to verify whether the encrypted login password is correct.
105. If the encrypted login password is correct, send a login-success prompt to the single sign-on client.
When the encrypted login password is correct, the single sign-on server sends a login-success prompt to the single sign-on client. When the encrypted login password is incorrect, the single sign-on server sends the single sign-on client either a login-failure prompt or a prompt that the login password is wrong. The embodiment of the present invention does not specifically limit the content of the prompt that the single sign-on server sends to the single sign-on client.
In the login method for single sign-on provided by the embodiment of the present invention, the single sign-on server receives login request information sent by the single sign-on client, the login request information carrying a User ID, a login password, and identification information of an application system. According to the received User ID and identification information, the server determines whether a password encryption mode corresponding to the login password exists in the local user information database. If no such password encryption mode exists in the local user information database, the server determines the password encryption mode of the login password according to the preset encryption mode rule base, encrypts the login password with the determined password encryption mode, and verifies whether the encrypted login password is correct. If the encrypted login password is correct, the server sends a login-success prompt to the single sign-on client. Compared with the prior art, the embodiment of the present invention first determines the encryption mode of the login password in the local user information database and then encrypts the login password entered by the user with the determined encryption mode, ensuring that the login password encryption mode in the local user information database is consistent with the encryption mode applied to the login password the user enters. That is, whichever login password encryption mode an application system uses, the single sign-on server can flexibly match the different login password encryption modes and verify the legitimacy of the login password.
Further, before the password encryption mode of the login password is determined according to the preset encryption mode rule base, the preset encryption mode rule base is created; it records information on all password encryption modes. For example, when the encryption mode is DES, the information recorded in the preset encryption mode rule base is that the DES key length is 56 bits; when the encryption mode is MD5, the recorded information is that a string of arbitrary length is converted into a fixed-length hexadecimal digit string. In the embodiment of the present invention, the information on password encryption modes recorded in the preset encryption mode rule base may use any description information in the prior art, and is not described further here.
As one implementation of the embodiment of the present invention, when the preset encryption mode rule base is created, a matching regular expression is defined for each password encryption mode. A regular expression uses a single string to describe and match a series of strings that conform to the rule of the password encryption mode. In this way, when the single sign-on server determines that the encryption mode of the login password is not recorded in the local user information database, it can quickly determine the encryption mode corresponding to the login password in the local user information database through the defined regular expressions. For example, when the encryption mode is MD5, the corresponding regular expression is "[a-fA-F0-9]{32,32}".
Further, as a refinement and extension of the above embodiment, when step 103 determines the password encryption mode of the login password according to the preset encryption mode rule base, the login password string is obtained according to the User ID and the application system identification information. The login password string is the string corresponding to the encrypted login password stored in the local user information database. The login password string is matched against the preset encryption mode rule base to determine the password encryption mode corresponding to the login password string. For example, suppose the User ID received by the single sign-on server is zhangsan and the user is logging in to application system II. Based on zhangsan and application system II, the single sign-on server traverses the local user information database, obtains the login password string corresponding to zhangsan and application system II, matches the login password string against the preset encryption mode rule base using the regular expressions, and determines that the password encryption mode of application system II is MD5. The above is only an illustrative example; in practice, the specific details involved in determining the password encryption mode of the login password according to the preset encryption mode rule base are defined according to the actual situation.
Further, determining according to the User ID and the identification information whether a password encryption mode corresponding to the login password exists in the local user information database includes: obtaining the User ID and the application system identification information, traversing the local user information database based on them, and determining whether a password encryption mode corresponding to the login password exists in the local user information database. When it is determined that a password encryption mode corresponding to the login password exists in the local user information database, the login password is encrypted based on that password encryption mode. When it is determined that no password encryption mode corresponding to the login password exists in the local user information database, the password encryption mode of the login password is determined according to the preset encryption mode rule base as in step 103.
Further, verifying whether the encrypted login password is correct specifically means verifying whether the encrypted login password is consistent with the login password string in the local user information database. If the encrypted login password is consistent with the login password string, a login-success prompt is sent to the single sign-on client; if they are inconsistent, a login-failure prompt is sent to the single sign-on client. For example, suppose the User ID is zhangsan, the login password entered by the user is dev, and the password encryption mode of the application system being logged in to is MD5. The single sign-on server encrypts the login password using MD5, and the encrypted login password is the string E77989ED21758E78331B20E477FC5582. The encrypted login password is compared with the login password string in the local user information database. If the comparison result is consistent, the single sign-on server sends a login-success prompt to the single sign-on client; if the comparison result is inconsistent, the single sign-on server sends the single sign-on client a prompt that login failed and that the login password should be re-entered.
Further, the login process of single sign-on is summarized below. The embodiment of the present invention provides another login method for single sign-on which, as shown in Fig. 2, comprises:
201. Create the preset encryption mode rule base.
202. Receive login request information sent by the single sign-on client, the login request information carrying a User ID, a login password, and identification information of an application system.
203. Determine, according to the User ID and the identification information, whether a password encryption mode corresponding to the login password exists in the local user information database.
If it is determined that no password encryption mode corresponding to the login password exists in the local user information database, execute step 204; if it is determined that a password encryption mode corresponding to the login password exists in the local user information database, execute step 205.
204. Determine the password encryption mode of the login password according to the preset encryption mode rule base, and encrypt the login password with the determined password encryption mode.
205. Encrypt the login password based on the password encryption mode.
206. Verify whether the encrypted login password is correct.
If the encrypted login password is correct, execute step 207; if the encrypted login password is incorrect, execute step 208.
207. Send a login-success prompt to the single sign-on client.
208. Send a login-failure prompt to the single sign-on client.
It should be noted that, for the detailed description of steps 201 to 208 in Fig. 2, please refer to the related description above; it is not repeated here.
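The flow of steps 201 to 208, including the zhangsan example above, written out as an added Python example that is not part of the patent text. The database contents, the application identifiers, the handling of an unknown user, and the SHA-1 and SHA-256 rules are assumptions; only the MD5 expression comes from the description.

```python
import hashlib
import hmac
import re

# Step 201: preset encryption-mode rule base, one regular expression per mode.
# The MD5 pattern is the one quoted in the description; the SHA-1 and SHA-256
# rows are assumptions added for this example.
RULE_BASE = [
    ("MD5", re.compile(r"[a-fA-F0-9]{32,32}"), hashlib.md5),
    ("SHA1", re.compile(r"[a-fA-F0-9]{40}"), hashlib.sha1),
    ("SHA256", re.compile(r"[a-fA-F0-9]{64}"), hashlib.sha256),
]
HASHERS = {name: fn for name, _, fn in RULE_BASE}

# Constructed local user information database, keyed by (User ID, application ID).
# "mode" is None where no password encryption mode has been recorded.
USER_DB = {
    ("zhangsan", "app2"): {
        "stored": hashlib.md5(b"dev").hexdigest().upper(),
        "mode": None,
    },
    ("lisi", "app1"): {
        "stored": hashlib.sha1(b"s3cret").hexdigest(),
        "mode": "SHA1",
    },
    ("wangwu", "app3"): {"stored": "not-a-known-format", "mode": None},
}


def determine_mode(stored):
    """Step 204: match the stored login password string against the rule base."""
    for name, pattern, _ in RULE_BASE:
        # fullmatch, not search: an unanchored 32-hex pattern would also hit
        # the first 32 characters of a 40- or 64-character digest.
        if pattern.fullmatch(stored):
            return name
    return None


def encrypt(mode, password):
    """Apply the named mode to the password the user typed."""
    return HASHERS[mode](password.encode("utf-8")).hexdigest()


def login(user_id, app_id, password, db=USER_DB):
    """Steps 202-208. Returns (success, mode used or None)."""
    record = db.get((user_id, app_id))
    if record is None:
        return False, None  # assumption: unknown user/application fails login
    # Step 203: use the recorded mode (205) or infer it from the format (204).
    mode = record["mode"] or determine_mode(record["stored"])
    if mode is None:
        return False, None  # no rule matches the stored string
    candidate = encrypt(mode, password)
    # Step 206: case-insensitive, constant-time comparison of the two strings.
    ok = hmac.compare_digest(candidate.lower(), record["stored"].lower())
    return ok, mode


if __name__ == "__main__":
    print(login("zhangsan", "app2", "dev"))    # mode inferred from the format
    print(login("lisi", "app1", "s3cret"))     # mode taken from the record
    print(login("wangwu", "app3", "anything")) # no matching rule
```

Format matching distinguishes modes only by length and character set, so any other algorithm that produces a 32-character hexadecimal string would also be classified as MD5 by this rule base.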
Further, as an implementation of the method shown in Fig. 1 above, the embodiment of the present invention provides a login device for single sign-on. As shown in Fig. 3, the device comprises:
a receiving unit 31, configured to receive login request information sent by the single sign-on client, the login request information carrying a User ID, a login password, and identification information of an application system, where the User ID is the user's unique identification information when executing single sign-on and the single sign-on client includes at least one application system;
a first determination unit 32, configured to determine, according to the User ID and the identification information received by the receiving unit 31, whether a password encryption mode corresponding to the login password exists in the local user information database;
a second determination unit 33, configured to determine the password encryption mode of the login password according to the preset encryption mode rule base when the first determination unit 32 determines that no password encryption mode corresponding to the login password exists in the local user information database;
a first encryption unit 34, configured to encrypt the login password with the determined password encryption mode after the second determination unit 33 determines the password encryption mode, where the preset encryption mode rule base includes rule information for known password encryption modes;
a verification unit 35, configured to verify whether the login password encrypted by the first encryption unit 34 is correct;
a first sending unit 36, configured to send a login-success prompt to the single sign-on client when the verification unit 35 verifies that the encrypted login password is correct.
Further, as shown in figure 4, second determination unit 33 includes:
Module 331 is obtained, it is described to step on for obtaining login password character string according to the User ID and the identification information Record password string is the corresponding character string of encrypted login password stored in local user's information bank;
Matching module 332, for pre- described in the login password string matching based on acquisition module 331 acquisition If cipher mode rule base;
Determining module 333, it is pre- described in the login password string matching for being based in the matching module 332 matching If after cipher mode rule base, determining the corresponding password encryption mode of the login password character string.
Further, as shown in FIG. 4, the device further includes:
A creating unit 37, configured to create the preset encryption mode rule base before the second determination unit 33 determines the password encryption mode of the login password according to the preset encryption mode rule base.
Further, as shown in FIG. 4, the first determination unit 32 includes:
An obtaining module 321, configured to obtain the user ID and the identification information;
A traversal module 322, configured to traverse the local user information base based on the user ID and the identification information obtained by the obtaining module 321;
A determining module 323, configured to determine whether a password encryption mode corresponding to the login password exists in the local user information base after the traversal module 322 has traversed the local user information base based on the user ID and the identification information.
Further, as shown in FIG. 4, the device further includes:
A second encryption unit 38, configured to encrypt the login password based on the password encryption mode when the first determination unit 32 determines that a password encryption mode corresponding to the login password exists in the local user information base.
Further, as shown in FIG. 4, the device further includes:
A second sending unit 39, configured to send prompt information indicating a failed login to the single sign-on client when the verification unit 35 verifies that the encrypted login password is incorrect.
Further, the verification unit 35 is also configured to verify whether the encrypted login password is consistent with the login password character string;
The first sending unit 36 is also configured to send prompt information indicating a successful login to the single sign-on client when the verification unit 35 verifies that the encrypted login password is consistent with the login password character string.
Further, the second sending unit 39 is also configured to send prompt information indicating a failed login to the single sign-on client when the verification unit 35 verifies that the encrypted login password is inconsistent with the login password character string.
In the single sign-on login device provided by the embodiment of the present invention, the single sign-on server receives login request information sent by the single sign-on client, where the login request information carries a user ID, a login password and identification information of an application system. Based on the received user ID and identification information, the server determines whether a password encryption mode corresponding to the login password exists in the local user information base. If no such password encryption mode exists in the local user information base, the server determines the password encryption mode of the login password according to the preset encryption mode rule base, encrypts the login password with the determined password encryption mode, and verifies whether the encrypted login password is correct. If the encrypted login password is correct, the server sends prompt information indicating a successful login to the single sign-on client. Compared with the prior art, the embodiment of the present invention first determines the encryption mode of the login password in the local user information base and then encrypts the login password entered by the user with the determined encryption mode. This ensures that the encryption mode of the login password in the local user information base is consistent with the encryption mode applied to the login password entered by the user. That is, whichever login password encryption mode an application system uses, the single sign-on server can flexibly match the different login password encryption modes and verify the legitimacy of the login password.
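The flow described above, as an added Python illustration that is not code from the patent: the server looks up the stored login password string, takes the recorded mode or infers it from the rule base, re-derives the string from the submitted password, and compares. The rule patterns, storage formats, mode names, user and application identifiers and sample records are all assumptions constructed for the example.

```python
import hashlib
import hmac
import re


def _hex_rule(algo):
    """Rule for an unsalted hex digest: re-derive by hashing the plaintext."""
    return lambda password, stored: hashlib.new(algo, password.encode()).hexdigest()


def _pbkdf2_rule(password, stored):
    # Constructed storage format: pbkdf2_sha256$<iterations>$<salt>$<hex digest>.
    # The salt and iteration count are read back from the stored string.
    _, iterations, salt, _ = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), int(iterations))
    return f"pbkdf2_sha256${iterations}${salt}${digest.hex()}"


# Preset encryption mode rule base (hypothetical): mode name -> (pattern the
# stored string must match, routine that re-derives it from a plaintext).
RULE_BASE = {
    "pbkdf2_sha256": (re.compile(r"pbkdf2_sha256\$[1-9]\d*\$[A-Za-z0-9]+\$[0-9a-f]{64}"), _pbkdf2_rule),
    "md5": (re.compile(r"[0-9a-f]{32}"), _hex_rule("md5")),
    "sha1": (re.compile(r"[0-9a-f]{40}"), _hex_rule("sha1")),
    "sha256": (re.compile(r"[0-9a-f]{64}"), _hex_rule("sha256")),
}


def determine_mode(stored):
    """Match the stored login password string against the rule base."""
    for mode, (pattern, _) in RULE_BASE.items():
        if pattern.fullmatch(stored):
            return mode
    return None


def login(user_db, user_id, app_id, password):
    """Return True only if the submitted password re-derives the stored string."""
    record = user_db.get((user_id, app_id))
    if record is None:
        return False
    stored = record["password"]
    # Use the mode recorded in the user information base if there is one;
    # otherwise fall back to the rule base.
    mode = record.get("mode") or determine_mode(stored)
    if mode not in RULE_BASE or not RULE_BASE[mode][0].fullmatch(stored):
        return False  # unknown or inconsistent format: fail closed
    candidate = RULE_BASE[mode][1](password, stored)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(candidate.encode(), stored.encode())


def build_sample_db():
    """Constructed records for one user across four application systems."""
    pw = "Spring#2015"
    return {
        ("u1001", "crm"): {"password": hashlib.md5(pw.encode()).hexdigest()},
        ("u1001", "wiki"): {"password": hashlib.sha1(pw.encode()).hexdigest(), "mode": "sha1"},
        ("u1001", "mail"): {"password": _pbkdf2_rule(pw, "pbkdf2_sha256$100000$c2FsdDEyMw$-")},
        ("u1001", "legacy"): {"password": "not-a-known-format"},
    }


if __name__ == "__main__":
    db = build_sample_db()
    for (uid, app), rec in db.items():
        mode = rec.get("mode") or determine_mode(rec["password"])
        print(app, mode, login(db, uid, app, "Spring#2015"))
```

Inferring the mode from the shape of the stored string is ambiguous in general, since a 32-character hex string need not be an MD5 digest, so a mode recorded at enrolment is more reliable than one matched from the rule base. The unsalted digest rules are present only because the example models legacy application systems.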
In the above embodiments, the description of each embodiment has its own emphasis; for parts not described in detail in one embodiment, refer to the related descriptions of the other embodiments.
It can be understood that related features in the above method and device may refer to one another. In addition, "first", "second" and the like in the above embodiments are used to distinguish the embodiments and do not represent the merits of each embodiment.
It is apparent to those skilled in the art that, for convenience and brevity of description, the specific working processes of the systems, devices and units described above can be found in the corresponding processes in the foregoing method embodiments and are not repeated here.
The algorithms and displays provided herein are not inherently related to any particular computer, virtual system or other device. Various general-purpose systems may also be used with the teachings herein. From the description above, the structure required to construct such a system is obvious. In addition, the present invention is not directed to any particular programming language. It should be understood that the content of the invention described herein can be implemented in various programming languages, and that the description above of a specific language is given to disclose the best mode of the invention.
Numerous specific details are set forth in the description provided here. It is to be understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques are not shown in detail so as not to obscure the understanding of this description.
Similarly, it should be understood that, in order to streamline the disclosure and aid understanding of one or more of the various inventive aspects, features of the invention are sometimes grouped together in a single embodiment, figure or description thereof in the above description of exemplary embodiments. However, the disclosed method should not be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in fewer than all features of a single embodiment disclosed above. Therefore, the claims following the detailed description are hereby expressly incorporated into the detailed description, with each claim standing on its own as a separate embodiment of the invention.
Those skilled in the art will understand that the modules in the device of an embodiment can be adaptively changed and arranged in one or more devices different from that embodiment. The modules, units or components in the embodiments may be combined into one module, unit or component, and may furthermore be divided into multiple sub-modules, sub-units or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings) and all processes or units of any method or device so disclosed may be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) may be replaced by an alternative feature serving the same, equivalent or similar purpose.
In addition, those skilled in the art will appreciate that although some embodiments described herein include certain features that are included in other embodiments and not others, combinations of features of different embodiments are meant to be within the scope of the invention and to form different embodiments. For example, in the following claims, any of the claimed embodiments can be used in any combination.
The various component embodiments of the invention may be implemented in hardware, in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will understand that a microprocessor or digital signal processor (DSP) may be used in practice to implement some or all functions of some or all components of the single sign-on login method and device according to embodiments of the invention. The invention may also be implemented as device or apparatus programs (for example, computer programs and computer program products) for performing part or all of the method described here. Such programs implementing the invention may be stored on a computer-readable medium or may take the form of one or more signals. Such signals may be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
It should be noted that the above embodiments illustrate rather than limit the invention, and that those skilled in the art may design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a unit claim enumerating several devices, several of these devices may be embodied by one and the same item of hardware. The use of the words first, second and third does not indicate any order. These words may be interpreted as names.

Claims (12)

1. A login method for single sign-on, characterized by comprising:
Receiving login request information sent by a single sign-on client, where the login request information carries a user ID, a login password and identification information of an application system, the user ID is the user's unique identification information when performing single sign-on, and the single sign-on client includes at least one application system;
Determining, according to the user ID and the identification information, whether a password encryption mode corresponding to the login password exists in a local user information base;
If it is determined that no password encryption mode corresponding to the login password exists in the local user information base, determining the password encryption mode of the login password according to a preset encryption mode rule base, and encrypting the login password with the determined password encryption mode; where the preset encryption mode rule base includes rule information of known password encryption modes;
Verifying whether the encrypted login password is correct;
If the encrypted login password is correct, sending prompt information indicating a successful login to the single sign-on client.
2. The method according to claim 1, characterized in that determining the password encryption mode of the login password according to the preset encryption mode rule base comprises:
Obtaining a login password character string according to the user ID and the identification information, where the login password character string is the character string corresponding to the encrypted login password stored in the local user information base;
Matching the login password character string against the preset encryption mode rule base, and determining the password encryption mode corresponding to the login password character string.
3. The method according to claim 2, characterized in that, before determining the password encryption mode of the login password according to the preset encryption mode rule base, the method further comprises:
Creating the preset encryption mode rule base.
4. The method according to claim 3, characterized in that determining, according to the user ID and the identification information, whether a password encryption mode corresponding to the login password exists in the local user information base comprises:
Obtaining the user ID and the identification information;
Traversing the local user information base based on the user ID and the identification information, and determining whether a password encryption mode corresponding to the login password exists in the local user information base.
5. The method according to any one of claims 1-4, characterized in that the method further comprises:
If it is determined that a password encryption mode corresponding to the login password exists in the local user information base, encrypting the login password based on the password encryption mode.
6. The method according to claim 2, characterized in that verifying whether the encrypted login password is correct comprises:
Verifying whether the encrypted login password is consistent with the login password character string.
7. A login device for single sign-on, characterized by comprising:
A receiving unit, configured to receive login request information sent by a single sign-on client, where the login request information carries a user ID, a login password and identification information of an application system, the user ID is the user's unique identification information when performing single sign-on, and the single sign-on client includes at least one application system;
A first determination unit, configured to determine, according to the user ID and the identification information received by the receiving unit, whether a password encryption mode corresponding to the login password exists in a local user information base;
A second determination unit, configured to determine the password encryption mode of the login password according to a preset encryption mode rule base when the first determination unit determines that no password encryption mode corresponding to the login password exists in the local user information base;
A first encryption unit, configured to encrypt the login password with the determined password encryption mode after the second determination unit determines the password encryption mode; where the preset encryption mode rule base includes rule information of known password encryption modes;
A verification unit, configured to verify whether the login password encrypted by the first encryption unit is correct;
A first sending unit, configured to send prompt information indicating a successful login to the single sign-on client when the verification unit verifies that the encrypted login password is correct.
8. The device according to claim 7, characterized in that the second determination unit comprises:
An obtaining module, configured to obtain a login password character string according to the user ID and the identification information, where the login password character string is the character string corresponding to the encrypted login password stored in the local user information base;
A matching module, configured to match the login password character string obtained by the obtaining module against the preset encryption mode rule base;
A determining module, configured to determine the password encryption mode corresponding to the login password character string after the matching module has matched the login password character string against the preset encryption mode rule base.
9. The device according to claim 8, characterized in that the device further comprises:
A creating unit, configured to create the preset encryption mode rule base before the second determination unit determines the password encryption mode of the login password according to the preset encryption mode rule base.
10. The device according to any one of claims 7-9, characterized in that the device further comprises:
A second encryption unit, configured to encrypt the login password based on the password encryption mode when the first determination unit determines that a password encryption mode corresponding to the login password exists in the local user information base.
11. A storage medium, characterized in that the storage medium includes a stored program, where, when the program runs, the device on which the storage medium is located is controlled to perform the single sign-on login method according to any one of claims 1 to 6.
12. A processor, characterized in that the processor is configured to run a program, where the program, when run, performs the single sign-on login method according to any one of claims 1 to 6.
CN201510622362.9A 2015-09-25 2015-09-25 The login method and device of single-sign-on Active CN106559383B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510622362.9A CN106559383B (en) 2015-09-25 2015-09-25 The login method and device of single-sign-on

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510622362.9A CN106559383B (en) 2015-09-25 2015-09-25 The login method and device of single-sign-on

Publications (2)

Publication Number Publication Date
CN106559383A CN106559383A (en) 2017-04-05
CN106559383B true CN106559383B (en) 2019-06-25

Family

ID=58414579

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510622362.9A Active CN106559383B (en) 2015-09-25 2015-09-25 The login method and device of single-sign-on

Country Status (1)

Country Link
CN (1) CN106559383B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111901355B (en) * 2020-08-04 2022-09-16 北京天融信网络安全技术有限公司 Authentication method and device
CN113742676B (en) * 2021-09-13 2024-04-19 北京锐安科技有限公司 Login management method, login management device, login management server, login management system and storage medium
CN115250204B (en) * 2022-09-22 2022-12-09 四川蜀天信息技术有限公司 Method and system for centralized processing login authentication

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080250388A1 (en) * 2006-09-22 2008-10-09 Bea Systems, Inc. Pagelets in adaptive tags
CN102946384B (en) * 2012-10-24 2016-10-05 北京奇虎科技有限公司 User authentication method and equipment
CN104283853B (en) * 2013-07-08 2018-04-10 华为技术有限公司 A kind of method, terminal device and network equipment for improving Information Security
CN103731475B (en) * 2013-12-06 2018-03-30 中国科学院深圳先进技术研究院 A kind of data protection system
CN103685282B (en) * 2013-12-18 2016-08-24 飞天诚信科技股份有限公司 A kind of identity identifying method based on single-sign-on

Also Published As

Publication number Publication date
CN106559383A (en) 2017-04-05

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information
CB02 Change of applicant information

Address after: 100083 No. 401, 4th Floor, Haitai Building, 229 North Fourth Ring Road, Haidian District, Beijing

Applicant after: Beijing Guoshuang Technology Co.,Ltd.

Address before: 100086 Cuigong Hotel, 76 Zhichun Road, Shuangyushu District, Haidian District, Beijing

Applicant before: Beijing Guoshuang Technology Co.,Ltd.

GR01 Patent grant
GR01 Patent grant