CN107508837A - A kind of cross-platform heterogeneous system login method based on intelligent code key certification


Info

Publication number: CN107508837A
Application number: CN201710898258.1A
Authority: CN (China)
Legal status: Pending
Other languages: Chinese (zh)
Prior art keywords: user, platform, operation system, certification, code key
Inventors: 王健, 尹飞
Current assignee: Shandong Inspur Genersoft Information Technology Co Ltd
Original assignee: Shandong Inspur Genersoft Information Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/08 (under 63/00) for authentication of entities
    • H04L 63/0815 (under 63/08) providing single-sign-on or federations
    • H04L 63/0823 (under 63/08) using certificates
    • H04L 63/083 (under 63/08) using passwords
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/08 (under 9/00) Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0816 (under 9/08) Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L 9/0819 (under 9/0816) Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L 9/0825 (under 9/0819) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L 9/32 (under 9/00) including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 9/3226 (under 9/32) using a predetermined code, e.g. password, passphrase or PIN
    • H04L 9/3247 (under 9/32) involving digital signatures
    • H04L 9/3263 (under 9/32) involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L 9/3297 (under 9/32) involving time stamps, e.g. generation of time stamps

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)

Abstract

The present invention provides a cross-platform heterogeneous system login method based on intelligent code key authentication. The method rests on a PKI system and uses intelligent code keys, digital signatures and digital certificate authentication to provide a unified authentication service platform for the users of multiple business systems. By integrating business systems and content and applying unified authentication and access control to user identities, it achieves single sign-on across the business systems and the integration of their information resources. Enterprise staff need remember only one password to log in to multiple heterogeneous systems; unified user identity information is provided, so that information can be shared and systems interconnected even when the identity information content and data formats of the individual application systems are not unified; and after authentication and encryption with the intelligent code key it is guaranteed that the data a user transmits is the original text and has not been maliciously tampered with, and the user's identity can be confirmed.

Description

A kind of cross-platform heterogeneous system login method based on intelligent code key certification
Technical field
The present invention relates to the technical field of system security, and in particular to a cross-platform heterogeneous system login method based on intelligent code key authentication.
Background technology
In the current information age, people demand ever more of the authenticity, accuracy and timeliness of information and of the means by which it is obtained, and with the development of computer information technology they are able to obtain information more conveniently. Since information is generally obtained through computer systems, higher requirements are placed on computer information systems: not only authenticity, accuracy and timeliness, but increasingly also security.
Within enterprises, computer networks and information technology have developed rapidly and the degree of enterprise informatization keeps rising. In the course of this, more and more business systems such as OA, CRM, HCM, MES and ERP have appeared and have raised the management capability and operational efficiency of enterprises. At the same time, each application system has its own identity authentication system with its own security level, and the system architectures differ, falling broadly into two camps: the .NET platform and the JAVA platform. If an enterprise does not build a secure, trusted authentication platform for its application systems, the following serious problems and security risks arise:
1. When accessing application systems, enterprise staff have to remember a large number of account passwords, which are easily forgotten or leaked, causing losses to the enterprise.
2. The channels through which enterprise information is obtained keep increasing, but a platform that presents this information in an overview is lacking.
3. The user identity information content and data formats of the individual application systems are not unified; without unified user identity information, information cannot be shared and interconnection cannot be achieved.
4. Secure data areas lack integrity: it cannot be guaranteed that a file is the real original text, whether it has been tampered with unintentionally or maliciously, or whether its content and length are consistent with the original data. The authenticity and non-repudiation of the data source are also lacking: a sender can deny having sent a file, the source of a file cannot be confirmed, and it cannot be established whether the sender really was the person who sent it or whether it was forged by someone else.
5. As the openness of formerly closed systems increases, more and more information security problems emerge at the same time.
As users of the information systems, enterprise staff may need to log in frequently to these systems to handle company business, which places higher requirements on the convenience and security of enterprise information systems.
The content of the invention
To solve the above technical problems, the present invention proposes a cross-platform heterogeneous system login method based on intelligent code key authentication.
The technical scheme is as follows:
A cross-platform heterogeneous system login method based on intelligent code key authentication, characterised in that the method rests on a PKI (Public Key Infrastructure) system and uses intelligent code key, digital signature and digital certificate authentication mechanisms to provide a unified authentication service platform for the users of multiple business systems such as the portal and OA. By integrating business systems and content and applying unified authentication and access control to user identities, it achieves single sign-on across the business systems and the integration of their information resources more securely.
The unified authentication of user identity is protected by an SSL encrypted channel, which the authentication server is responsible for establishing.
1) For the password authentication mode, the authentication server is configured with a one-way SSL encrypted channel and the client needs no certificate;
2) For the intelligent code key authentication mode, the authentication server is configured with a two-way (mutual) SSL encrypted channel; the client must present its user certificate, and the authentication server verifies both the user certificate and the user identity.
A business system that accepts the unified authentication has to complete the following work:
Install the business system access front-end and configure its certificate and private key, so that an SSL encrypted channel can be established between the client and the business system and the encrypted and signed user authentication information supplied by the platform can be received and processed;
Provide an association interface and an access verification interface, and configure them in the platform;
The association information is the correspondence between the platform's unified account and the business system's user information (including the business system's user name and password).
When a user who has passed authentication accesses a business system for the first time, the unified authentication service platform automatically generates a business association page according to the configuration of that business system and asks the user to perform the association:
1) the user enters the user information of the business system (including the business system user name and password);
2) the platform's access control server encrypts and signs the association information together with a timestamp (encrypted with the business system's certificate, signed with the platform's private key; the timestamp is used to prevent replay attacks);
3) the encrypted and signed association information is transmitted over the SSL encrypted channel to the business system's access front-end, which decrypts and verifies it and then hands it to the business system for verification;
4) once the association information has been verified, the platform establishes the correspondence between the user's unified account and the business system user information, for use during subsequent normal access to the business system.
When a user accesses a business system and has already completed the association between the unified account and the business system user information, then, after authentication by the unified authentication service platform, access to the business system proceeds as follows:
1) from the ID of the business system to be accessed and the unified account held in the session, the platform looks up the user's business system association information;
2) the access control server encrypts and signs the corresponding information together with a timestamp, and it is transmitted via the client over the SSL encrypted channel to the business system's access front-end, which decrypts and verifies it and then hands it to the business system for verification;
3) once the business system has verified it, the user is redirected automatically into the business system.
After authentication by the unified authentication service platform, users can directly access every application system they are authorised for; authentication is shared among the different application systems, achieving single sign-on across multiple application systems.
The single sign-on process uses the SAML (Security Assertion Markup Language) protocol to secure the communication between remote machines, and proceeds as follows:
Step 1: the user accesses a resource normally; the URL carries no token;
Step 2: the filter checks whether the user is logged in; if not, it redirects to the authentication centre;
Step 3: the authentication centre checks whether a token exists; if not, it returns the login page;
if the user already has a token, a new service token is produced and appended to the URL, and processing continues at step 6;
Step 4: the user enters the user name and password;
Step 5: on successful authentication, the authentication centre generates a ticket and writes it into a cookie, then generates a one-time service token from the ticket and appends it to the URL;
Step 6: redirect to the resource the user wanted to access;
Step 7: the service token is taken from the URL;
Step 8: the application system verifies the service token with the authentication centre;
Step 9: after successful verification, the user account is returned;
Step 10: the user system creates a user session with this account and the login succeeds.
The unified authentication service platform stores the users' basic information and certificate information, and all application systems can make full use of this information, reducing repeated entry of user information.
A user completes registration on the unified authentication service platform, obtains a unified account and associates the corresponding business system accounts;
the administrator enters the intelligent code key information for the registered user on the unified authentication service platform; this function is authorised to the administrator;
mapping relationships are established between unified authentication service platform users and application system users; the sso (single sign-on) module manages the user mappings.
To log out, a registered user first terminates the local session at the application server, which forwards a logout request to the authentication server; the authentication server receives the logout request, terminates the session and clears the browser cookie, completing the logout.
Beneficial effects of the present invention:
The functions realised by the method of the invention and its beneficial effects are:
Enterprise staff need remember only one password to log in to multiple heterogeneous systems;
unified user identity information is provided, so that information can be shared and systems interconnected even when the identity information content and data formats of the individual application systems are not unified;
after authentication and encryption with the intelligent code key it is guaranteed that the data a user transmits is the original text and has not been maliciously tampered with, and the user's identity can be confirmed.
Brief description of the drawings
Fig. 1 is the relationship diagram of the cross-platform heterogeneous systems under intelligent code key authentication;
Fig. 2 is the mapping diagram between unified user management and business system users;
Fig. 3 is the flow chart of the login process;
Fig. 4 is the flow chart of the logout process.
Description of reference numerals in Fig. 3: 1, access resource; 2, redirect to authentication centre; 3, return login page; 4, enter user name and password; 5, write COOKIE, generate service token and append it to the URL; 6, redirect to the accessed resource; 7, obtain service token from the URL; 8, authenticate with the authentication centre using the service token; 9, return user information; 10, enter the system.
Embodiment
The content of the invention is described in more detail with reference to the drawings:
Embodiment 1
As shown in Fig. 1, the method is based on a unified authentication service platform built on intelligent code keys. Its aim is the integration of business systems; on the basis of intelligent code key authentication and PKI technology, it applies unified authentication and access control to user identities and thereby achieves single sign-on across business systems and the integration of information resources more securely. The specific content includes:
First, user management
This includes user information management, the user's intelligent code key information, and the authorised application systems. When accessing the platform and each application system, users always use the same credential (comprising the user certificate and its hardware protection password, the PIN), and digital signature technology is used to authenticate identity at the platform and prove its authenticity;
1. User registration
1) the user completes registration on the platform, obtains a unified account and associates the corresponding business system accounts;
2) the administrator enters the intelligent code key information for the platform's registered user; this function is authorised to the administrator;
3) mapping relationships are established between platform users and application system users; the sso module manages the user mappings;
2. Unified authorisation
1) the administrator groups the registered users and sets business system access rights per group;
2) the platform issues digital certificates to users uniformly, as the credential for accessing the platform and each application system, and authorises the user's right to access application systems;
3) the intelligent key system issues digital certificates to platform users and binds them to the users' unified accounts;
Second, unified authentication
The present invention rests on a PKI (Public Key Infrastructure) system and uses intelligent code keys, digital signatures and digital certificate authentication mechanisms to provide a comprehensive platform of unified identity authentication and security services for the users of multiple business systems such as the portal and OA. The scheme is a unified authentication service platform solution based on intelligent code key authentication, whose aim is resource integration (business system integration and content integration); on the basis of intelligent code key authentication and PKI technology, it applies unified authentication and access control to user identities and so achieves single sign-on across business systems and the integration of information resources more securely.
The platform supports both password authentication and intelligent code key authentication, and uses security techniques such as SSL encrypted channels, encryption and signing of messages, and access control policies to secure identity authentication and the process of accessing business systems.
1. Intelligent code key certificate management
Provides identity authentication services and the application for, issuance and management of digital certificates.
2. Authentication modes
The unified user authentication process is protected by an SSL encrypted channel, which the authentication server is responsible for establishing;
1) for the password authentication mode, the authentication server is configured with a one-way SSL encrypted channel and the client needs no certificate;
2) for the intelligent code key authentication mode, the authentication server is configured with a two-way (mutual) SSL encrypted channel; the client must present its user certificate, and the authentication server verifies both the user certificate and the user identity.
3. Intelligent code key service sharing
1) the HTTPS protocol is used between the client browser and the authentication server; the HTTP protocol is used between the authentication server and the platform application server;
2) the platform provides an independent intelligent code key service that application systems can call on their own.
Third, application system management
1. Registration of business systems
Registration and authorisation management of business systems.
2. Configuration of business systems
As shown in Fig. 2, a business system that accepts the unified authentication must complete the following work:
1) install the business system access front-end and configure its certificate and private key, so that an SSL encrypted channel can be established between the client and the business system and the encrypted and signed user authentication information supplied by the platform can be received and processed;
2) provide an association interface and an access verification interface, and configure them in the platform. The association information is mainly the correspondence between the platform's unified account and the business system's user information (which may include the business system's user name and password).
3. Association of the user with a business system
When a user who has passed platform authentication accesses a business system for the first time, the platform automatically generates a business association page according to the configuration of that business system and asks the user to perform the association:
1) the user enters the user information of the business system (which may include the business system user name and password).
2) the platform's access control server encrypts and signs the association information together with a timestamp (encrypted with the business system's certificate, signed with the platform's private key; the timestamp is used to prevent replay attacks);
3) the encrypted and signed association information is transmitted over the SSL encrypted channel to the business system's access front-end, which decrypts and verifies it and then hands it to the business system for verification;
4) once the association information has been verified, the platform establishes the correspondence between the user's unified account and the business system user information, for use during subsequent normal access to the business system.
4. Access of the user to a business system
If the user has completed the association between the platform's unified account and the business system user information, then, after platform authentication, access to the business system proceeds as follows:
1) from the ID of the business system to be accessed and the unified account held in the session, the platform looks up the user's business system association information.
2) the access control server encrypts and signs the corresponding information together with a timestamp, and it is transmitted via the client over the SSL encrypted channel to the business system's access front-end, which decrypts and verifies it and then hands it to the business system for verification.
3) once the business system has verified it, the user is redirected automatically into the business system.
During access to a business system the relevant information is always transmitted with a timestamp, encrypted and signed, and over the SSL encrypted channel; once automatic verification is complete, the business system can decide as needed whether to keep using the SSL encrypted channel. This ensures the confidentiality and authenticity of the transmitted information and effectively prevents replay attacks, while balancing the security and efficiency of business system access during single sign-on.
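The encrypt-then-sign envelope with timestamp described in this section and in the corresponding steps of the content of the invention, as an added Go example that is not part of the patent: the platform encrypts the association record to the business system's key and signs it with the platform key; the access front-end verifies the signature, the timestamp window and a seen-set before decrypting. The patent names no algorithms, so RSA-OAEP, RSA-PSS, the acceptance window and the seen-set are assumptions here; the timestamp alone only narrows the replay window, and the seen-set is what rejects a captured envelope replayed inside that window.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"encoding/json"
	"errors"
	"time"
)

// Association is what the platform sends to the business system's access
// front-end: the unified account and that system's own credentials.
type Association struct {
	UnifiedAccount string `json:"unified_account"`
	BizUser        string `json:"biz_user"`
	BizPassword    string `json:"biz_password"`
}

// Envelope is the wire form: the JSON payload encrypted to the business
// system's certificate key, a timestamp, and the platform's signature.
type Envelope struct {
	Timestamp  int64  // Unix seconds, bound into the signature
	Ciphertext []byte // RSA-OAEP(SHA-256) of JSON(Association)
	Signature  []byte // RSA-PSS by the platform over digest()
}

// digest hashes timestamp and ciphertext together so the timestamp cannot
// be moved forward on a captured envelope without breaking the signature.
func (e *Envelope) digest() []byte {
	h := sha256.New()
	var ts [8]byte
	binary.BigEndian.PutUint64(ts[:], uint64(e.Timestamp))
	h.Write(ts[:])
	h.Write(e.Ciphertext)
	return h.Sum(nil)
}

// Seal is the platform side: encrypt for the business system, then sign.
// RSA-OAEP with SHA-256 and a 2048-bit key accepts at most 190 bytes of
// plaintext; larger records would need a hybrid (RSA + AEAD) scheme.
func Seal(a Association, bizPub *rsa.PublicKey, platformPriv *rsa.PrivateKey, now time.Time) (*Envelope, error) {
	payload, err := json.Marshal(a)
	if err != nil {
		return nil, err
	}
	e := &Envelope{Timestamp: now.Unix()}
	if e.Ciphertext, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, bizPub, payload, nil); err != nil {
		return nil, err
	}
	e.Signature, err = rsa.SignPSS(rand.Reader, platformPriv, crypto.SHA256, e.digest(), nil)
	return e, err
}

// Receiver is the business system's access front-end.
type Receiver struct {
	Priv        *rsa.PrivateKey // business-system private key (its certificate's key)
	PlatformPub *rsa.PublicKey  // pinned platform signing key
	MaxSkew     time.Duration   // acceptance window around Timestamp
	seen        map[[32]byte]struct{} // envelopes already accepted; entries older than MaxSkew can be pruned
}

// Open checks the signature, then freshness and replay, then decrypts. The
// timestamp alone only narrows the replay window; the seen-set closes it.
func (r *Receiver) Open(e *Envelope, now time.Time) (Association, error) {
	var a Association
	if err := rsa.VerifyPSS(r.PlatformPub, crypto.SHA256, e.digest(), e.Signature, nil); err != nil {
		return a, errors.New("platform signature does not verify")
	}
	if age := now.Sub(time.Unix(e.Timestamp, 0)); age > r.MaxSkew || age < -r.MaxSkew {
		return a, errors.New("timestamp outside the acceptance window")
	}
	id := sha256.Sum256(e.Signature)
	if r.seen == nil {
		r.seen = map[[32]byte]struct{}{}
	}
	if _, dup := r.seen[id]; dup {
		return a, errors.New("replayed envelope")
	}
	r.seen[id] = struct{}{}
	plain, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, r.Priv, e.Ciphertext, nil)
	if err != nil {
		return a, err
	}
	return a, json.Unmarshal(plain, &a)
}
```

Keys here would come from the platform's and the business system's certificates; in the test they are generated on the fly.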
Fourth, single sign-on
After platform authentication, users can directly access every application system they are authorised for; authentication is shared among the different application systems, achieving single sign-on across multiple application systems.
1. Login process
Single sign-on uses the SAML (Security Assertion Markup Language) protocol to secure the communication between remote machines. As shown in Fig. 3, one complete single sign-on proceeds as follows:
Step 1: the user accesses a resource normally; the URL carries no token;
Step 2: the filter checks whether the user is logged in; if not, it redirects to the authentication centre;
Step 3: the authentication centre checks whether a token exists; if not, it returns the login page;
Step 4: the user enters the user name and password;
Step 5: on successful authentication, the authentication centre generates a ticket and writes it into a cookie, then generates a one-time service token from the ticket and appends it to the URL;
Step 6: redirect to the resource the user wanted to access;
Step 7: the service token is taken from the URL;
Step 8: the application system verifies the service token with the authentication centre;
Step 9: after successful verification, the user account is returned;
Step 10: the user system creates a user session with this account and the login succeeds.
When the user performs single sign-on again, steps 1 and 2 are executed first; at step 3 it is found that the user already has a token, so a new service token is produced and appended to the URL, and steps 6, 7, 8, 9 and 10 are executed.
2. Logout process, as shown in Fig. 4:
Step 1: click log out;
Step 2: the local session is terminated and a logout request is sent to the application server, which forwards it to the authentication server;
Step 3: the authentication server receives the logout request, terminates the session and clears the browser cookie;
Step 4: return to the specified page.
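The ten-step login and four-step logout above, as an added Go simulation that is not from the patent: an in-memory authentication centre that holds the cookie tickets and mints one-time service tokens, plus the application-side filter. Binding a token to the resource's scheme://host/path, the 30-second token lifetime and the constructed user "zhangsan" are assumptions; the SAML transport of the patent is replaced by direct function calls so the flow runs offline.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"net/url"
	"time"
)

// AuthCenter stands in for the authentication centre: it keeps cookie tickets and mints one-time service tokens.
type AuthCenter struct {
	users   map[string]string   // username -> password (constructed sample; a real store keeps salted hashes)
	tickets map[string]string   // cookie ticket -> username
	tokens  map[string]svcToken // outstanding one-time service tokens
	ttl     time.Duration       // how long an unused service token stays valid
}

type svcToken struct {
	user, service string // account, and the resource the token was minted for
	expires       time.Time
}

func NewAuthCenter(users map[string]string) *AuthCenter {
	return &AuthCenter{users: users, tickets: map[string]string{}, tokens: map[string]svcToken{}, ttl: 30 * time.Second}
}

func randomID() string {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return hex.EncodeToString(b)
}

// serviceOf strips the query so a token is bound to scheme://host/path only.
func serviceOf(u *url.URL) string { return u.Scheme + "://" + u.Host + u.Path }

// Login is step 4/5: check the password and mint the ticket for the cookie.
func (ac *AuthCenter) Login(user, pass string) (string, error) {
	want, ok := ac.users[user]
	if !ok || subtle.ConstantTimeCompare([]byte(want), []byte(pass)) != 1 {
		return "", errors.New("invalid credentials")
	}
	t := randomID()
	ac.tickets[t] = user
	return t, nil
}

// Authenticate is step 3 (and 5): with a valid cookie ticket, mint a one-time
// token for the requested resource and return the redirect URL of step 6.
func (ac *AuthCenter) Authenticate(ticket, resource string, now time.Time) (string, error) {
	user, ok := ac.tickets[ticket]
	if !ok {
		return "", errors.New("no ticket: show the login page")
	}
	u, err := url.Parse(resource)
	if err != nil {
		return "", err
	}
	tok := randomID()
	ac.tokens[tok] = svcToken{user: user, service: serviceOf(u), expires: now.Add(ac.ttl)}
	q := u.Query()
	q.Set("token", tok)
	u.RawQuery = q.Encode()
	return u.String(), nil
}

// Validate is step 8/9: the application presents the token from the URL; the
// centre consumes it (single use) and returns the account it belongs to.
func (ac *AuthCenter) Validate(token, service string, now time.Time) (string, error) {
	rec, ok := ac.tokens[token]
	delete(ac.tokens, token) // consumed on first presentation, valid or not
	switch {
	case !ok:
		return "", errors.New("unknown or already used token")
	case rec.service != service:
		return "", errors.New("token was issued for a different service")
	case now.After(rec.expires):
		return "", errors.New("token expired")
	}
	return rec.user, nil
}

// Logout is the log-off procedure: drop the ticket so no further tokens can be minted.
func (ac *AuthCenter) Logout(ticket string) { delete(ac.tickets, ticket) }

// Filter is the application-side filter of steps 2, 7 and 10: it returns the account
// to open a session for, or redirect=true when the browser must first visit the centre.
func Filter(rawURL string, ac *AuthCenter, now time.Time) (user string, redirect bool, err error) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return "", false, err
	}
	tok := u.Query().Get("token")
	if tok == "" {
		return "", true, nil
	}
	user, err = ac.Validate(tok, serviceOf(u), now)
	return user, false, err
}
```

Presenting the same redirect URL twice fails at Validate, which is the property the one-time service token is meant to give.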
Fifth, data sharing
The authentication platform stores the users' basic information and certificate information, and all application systems can make full use of this information, reducing repeated entry of user information.
Embodiment 2
The method calls the verification service deployed by the unified authentication service platform (CACS) through either of the following two verification modes to achieve secure authentication, after which it can jump directly to the business system's service platform:
First, the first verification mode (POST)
1. Implementation on the .NET platform
1) Add the intelligent code key processing file SysInfoPage.aspx and the corresponding SysInfoPage.aspx.cs file to the business system's solution. In the function, after a legitimate login has been recognised, add the processing your application system needs to do and jump to the main interface.
2) Refer to the excerpt from the web.config example:
2. Implementation on the JAVA platform
1) Add the intelligent code key processing page SysInfoPage.jsp to the business system, and add references to the following JAR packages in the LIB folder:
axis.jar;
axis-ant.jar;
dom4j-1.6.1.jar;
jaxen-1.1-beta-6.jar;
jaxrpc.jar;
wsdl4j-1.5.1.jar;
2) In the method, after this authentication, write the processing your system performs after a successful login and jump to the main interface.
Second, the second verification mode (GET)
This verification mode is the cross-platform solution; the business system must provide a login interface, for example in the format: http://localhost:/WebSite/login.aspx?Usercode=zhangsan&password=123456
Embodiment 3
Deployment instructions for the unified certification service platform:
1. Put the CACS folder of the unified certification service platform, together with the .CS files inside it, into the App_Code folder;
2. Place the CACS site folder under the WEBPAGE/EXTERNAL folder;
3. Modify the Web.Config file:
1) Within the <system.web> configuration section, under the <compilation debug="true"> section, add <add directoryName="CACS"/>
2) Within the <system.web> configuration section, under the <assemblies> section, add two lines:
<add assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add assembly="System.Web.Extensions.Design, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/></assemblies>
4. Add an isneedCA (bool) field to the user table.
The user opens the login interface in a browser; the entry address is http://[IP address]/WebPage/External/CACS/Login.aspx
The user enters the user name and password to log in; after a successful login the system opens the CACS main interface.
The foregoing is only the preferred embodiment of the present invention, but the invention is not limited to it; those skilled in the art will understand that the embodiments of the invention may be varied in many ways. Any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within the scope of protection.

Claims (10)

  1. A cross-platform heterogeneous system login method based on intelligent code key certification, characterised in that the method is based on a PKI theoretical system and uses intelligent code keys, digital signatures and a digital certificate authentication mechanism to provide a unified certification service platform for the users of multiple business systems; by integrating business systems and content and unifying the authentication and access control of user identity, it achieves single sign-on across the business systems and the integration of information resources.
  2. The cross-platform heterogeneous system login method based on intelligent code key certification according to claim 1, characterised in that the unified certification of user identity uses an SSL-encrypted channel, and the certificate server is responsible for establishing the SSL-encrypted channel.
  3. The cross-platform heterogeneous system login method based on intelligent code key certification according to claim 2, characterised in that the work a business system receiving unified certification needs to complete includes:
    installing a business-system access front-end and configuring a certificate and private key, in order to establish the SSL-encrypted channel between the client and the business system and to receive and process the encrypted and signed user authentication information provided by the platform;
    providing an association interface and an access verification interface, and configuring them in the platform;
    the association information is the correspondence between the platform's unified account and the business system's user profile.
  4. The cross-platform heterogeneous system login method based on intelligent code key certification according to claim 3, characterised in that when a user who has passed certification accesses a business system for the first time, the unified certification service platform automatically generates a business association page according to the configuration of the business system and requires the user to perform the association:
    1) the user enters the business system's user profile;
    2) the association information, together with a timestamp, is encrypted and signed by the platform's access control server;
    3) the encrypted and signed association information is transferred over the SSL-encrypted channel to the business-system access front-end, which decrypts and verifies it and then passes it to the business system for verification;
    4) once the association information is verified, the platform establishes the correspondence between the user's unified account and the business system's user profile, for use during subsequent normal access to the business system.
  5. The cross-platform heterogeneous system login method based on intelligent code key certification according to claim 4, characterised in that when the user accesses a business system and has already completed the association between the unified account and the business system's user profile, the business system is accessed as follows after certification by the unified certification service platform:
    1) the platform queries the user's association information for the business system, based on the ID of the business system to be accessed and the unified account in the session;
    2) the corresponding information and a timestamp are encrypted and signed by the access control server and transferred, via the client and over the SSL-encrypted channel, to the business-system access front-end, which decrypts and verifies them and passes them to the business system for verification;
    3) after the business system verifies them, the user is automatically redirected into the business system.
  6. The cross-platform heterogeneous system login method based on intelligent code key certification according to claim 5, characterised in that after certification by the unified certification service platform the user can directly access each authorised application system, so that authentication is shared among the different application systems and single sign-on across multiple application systems is achieved.
  7. The cross-platform heterogeneous system login method based on intelligent code key certification according to claim 6, characterised in that the single sign-on process uses the SAML protocol to guarantee communication security between remote machines, and the implementation process is as follows:
    Step 1: the user accesses a resource URL normally, without a token;
    Step 2: a filter checks whether the user is logged in; if not, the user is redirected to the authentication center;
    Step 3: the authentication center checks whether a token exists; if not, the login interface is returned;
    if the user already holds a token, a new service token is generated and appended to the URL, and step 6 is performed;
    Step 4: the user enters the user name and password;
    Step 5: after successful authentication, the authentication center generates a ticket, writes it into a cookie, and generates a one-time service token from the ticket, which is appended to the URL;
    Step 6: the user is redirected to the resource being accessed;
    Step 7: the service token is obtained from the URL;
    Step 8: the application system verifies the service token with the authentication center;
    Step 9: after successful verification, the user account is returned;
    Step 10: the application system creates a user session with this account, and the login succeeds.
  8. The cross-platform heterogeneous system login method based on intelligent code key certification according to claim 7, characterised in that the unified certification service platform stores the user's basic information and certificate information.
  9. The cross-platform heterogeneous system login method based on intelligent code key certification according to claim 8, characterised in that the user completes user registration on the unified certification service platform, obtaining a unified account and at the same time associating the corresponding business system accounts;
    the administrator registers the intelligent code key information corresponding to the user on the unified certification service platform;
    a mapping is established between the users of the unified certification service platform and the users of the application systems.
  10. The cross-platform heterogeneous system login method based on intelligent code key certification according to claim 9, characterised in that a registered user logs out by invalidating the local session and sending a logout request to the application server, which forwards it to the certificate server; the certificate server receives the logout request, invalidates the session and clears the browser cookie, completing the logout.
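The service-token single sign-on and logout sequence (steps 1 to 10 and the logout procedure of Embodiment 1, restated in claims 7 and 10), modelled as an added, runnable Python illustration. This is example code written for this page, not code from the patent or from the CACS platform it describes. The class and function names, the in-memory user table, the 60-second token lifetime, the binding of a service token to the URL it was issued for, and the use of a password check in place of the intelligent code key's certificate verification are all assumptions made for the example.

```python
# Added illustration, not the patent's or the CACS platform's code.
# Names, the user table, token lifetime and URL binding are assumptions.
import hmac
import secrets
import time
from dataclasses import dataclass
from urllib.parse import parse_qs, urlencode, urlparse, urlunparse

TOKEN_TTL_SECONDS = 60  # assumed lifetime of a one-time service token

# Constructed user table. A real deployment verifies the intelligent code
# key's certificate and signature instead of a password.
USERS = {"zhangsan": "123456"}


@dataclass
class ServiceToken:
    ticket: str        # the session ticket the token was derived from
    resource: str      # the URL the token was issued for
    expires_at: float
    used: bool = False


def token_from_url(url):
    """Step 7: pull the service token out of the query string (None if absent)."""
    return parse_qs(urlparse(url).query).get("service_token", [None])[0]


def strip_token(url):
    """Return the URL without its service_token parameter, for the binding check."""
    parts = urlparse(url)
    query = parse_qs(parts.query)
    query.pop("service_token", None)
    return urlunparse(parts._replace(query=urlencode(query, doseq=True)))


class AuthCenter:
    """Authentication center: session tickets (cookie) and one-time service tokens."""

    def __init__(self):
        self.sessions = {}  # ticket -> account
        self.tokens = {}    # service token -> ServiceToken

    def login(self, username, password):
        # Steps 4-5: check credentials and create the ticket that goes into the cookie.
        expected = USERS.get(username)
        if expected is None or not hmac.compare_digest(expected.encode(), password.encode()):
            return None
        ticket = secrets.token_urlsafe(32)
        self.sessions[ticket] = username
        return ticket

    def issue_redirect(self, ticket, resource_url, now=None):
        # Steps 3/5: a valid ticket yields a fresh one-time token appended to the URL.
        if ticket not in self.sessions:
            return None
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self.tokens[token] = ServiceToken(ticket, resource_url, now + TOKEN_TTL_SECONDS)
        parts = urlparse(resource_url)
        query = parse_qs(parts.query)
        query["service_token"] = [token]
        return urlunparse(parts._replace(query=urlencode(query, doseq=True)))

    def validate(self, token, resource_url, now=None):
        # Steps 8-9: the application asks for the account behind a token.
        now = time.time() if now is None else now
        meta = self.tokens.get(token)
        if meta is None or meta.used or now > meta.expires_at:
            return None
        if meta.resource != resource_url or meta.ticket not in self.sessions:
            return None
        meta.used = True  # single use: replaying a leaked token fails
        return self.sessions[meta.ticket]

    def logout(self, ticket):
        # Logout step 3: drop the session and every token issued from it.
        self.sessions.pop(ticket, None)
        for tok in [t for t, m in self.tokens.items() if m.ticket == ticket]:
            del self.tokens[tok]


class AppSystem:
    """Business system: the filter of step 2 plus the local session of step 10."""

    REDIRECT = "REDIRECT_TO_AUTH_CENTER"

    def __init__(self, auth):
        self.auth = auth
        self.local_sessions = {}  # application session id -> account

    def handle(self, url, app_session=None, now=None):
        """Returns (session_id, account); session_id is REDIRECT when login is needed."""
        if app_session in self.local_sessions:
            return app_session, self.local_sessions[app_session]
        token = token_from_url(url)
        if token is None:
            return self.REDIRECT, None
        account = self.auth.validate(token, strip_token(url), now)
        if account is None:
            return self.REDIRECT, None
        sid = secrets.token_urlsafe(16)
        self.local_sessions[sid] = account
        return sid, account

    def logout(self, app_session, ticket):
        # Logout steps 2-3: clear the local session, then tell the auth center.
        self.local_sessions.pop(app_session, None)
        self.auth.logout(ticket)
```

Because the service token travels in the URL (step 5), it can end up in web-server logs, browser history and Referer headers; the model therefore makes each token single-use, short-lived and bound to the resource it was issued for, so a copied token cannot be redeemed a second time or against a different resource. The same logging exposure applies to the GET verification mode of Embodiment 2, whose example URL carries the user code and password in the query string.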
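The signed and timestamped association messages of claims 4 and 5, as an added Python illustration of what the access control server produces and what the business-system access front-end checks before handing the result to the business system. This is example code written for this page, not code from the patent or the CACS platform. The message layout, the 120-second freshness window and the replay guard are assumptions, and an HMAC-SHA256 tag stands in for the digital signature the platform's private key would produce in the PKI setting the patent describes; confidentiality is left to the SSL-encrypted channel of claim 2 rather than modelled here.

```python
# Added illustration, not the patent's or the CACS platform's code. Message
# layout, freshness window, replay guard and the HMAC stand-in for the
# platform's digital signature are assumptions made for this example.
import hashlib
import hmac
import json
import time

FRESHNESS_WINDOW = 120  # seconds a signed message stays acceptable (assumed)

# Stand-in for the access control server's signing key; the patent's PKI
# setting would use the platform's private key and a digital signature.
PLATFORM_KEY = b"constructed-demo-key-not-for-real-use"


def canonical(payload):
    """Serialise deterministically so signer and verifier hash the same bytes."""
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


class AccessControlServer:
    """Platform side: unified account -> business user mapping, plus signing."""

    def __init__(self, key=PLATFORM_KEY):
        self.key = key
        self.associations = {}  # (unified_account, system_id) -> business user

    def sign(self, payload, now=None):
        body = dict(payload, ts=int(time.time() if now is None else now))
        sig = hmac.new(self.key, canonical(body), hashlib.sha256).hexdigest()
        return {"body": body, "sig": sig}

    def association_message(self, unified_account, system_id, system_user, now=None):
        # Claim 4 step 2: the profile the user entered, plus a timestamp, signed.
        return self.sign({"kind": "associate", "account": unified_account,
                          "system": system_id, "user": system_user}, now)

    def record_association(self, unified_account, system_id, system_user):
        # Claim 4 step 4: called only after the business system verified the message.
        self.associations[(unified_account, system_id)] = system_user

    def access_message(self, unified_account, system_id, now=None):
        # Claim 5 steps 1-2: look the mapping up and sign it for the front-end.
        system_user = self.associations.get((unified_account, system_id))
        if system_user is None:
            return None
        return self.sign({"kind": "access", "account": unified_account,
                          "system": system_id, "user": system_user}, now)


class AccessFrontEnd:
    """Business-system side: checks signature, target, freshness and replay."""

    def __init__(self, system_id, key=PLATFORM_KEY):
        self.system_id = system_id
        self.key = key
        self.seen = set()  # signatures already accepted (replay guard)

    def verify(self, message, now=None):
        """Returns the business user name on success, None on any failure."""
        now = time.time() if now is None else now
        body, sig = message.get("body"), message.get("sig")
        if not isinstance(body, dict) or not isinstance(sig, str):
            return None
        expected = hmac.new(self.key, canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, sig):
            return None  # forged or altered in transit
        if body.get("system") != self.system_id:
            return None  # signed for a different business system
        if abs(now - body.get("ts", 0)) > FRESHNESS_WINDOW:
            return None  # stale, or clock skew beyond the window
        if sig in self.seen:
            return None  # replayed inside the window
        self.seen.add(sig)
        return body.get("user")
```

The timestamp in claims 4 and 5 bounds how long a captured message remains usable; the verifier above additionally remembers accepted signatures so that a message cannot be presented twice inside that window, and it refuses messages signed for another business system, since the platform signs association data for every connected system with the same identity.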
CN201710898258.1A 2017-09-28 2017-09-28 A kind of cross-platform heterogeneous system login method based on intelligent code key certification Pending CN107508837A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710898258.1A CN107508837A (en) 2017-09-28 2017-09-28 A kind of cross-platform heterogeneous system login method based on intelligent code key certification

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710898258.1A CN107508837A (en) 2017-09-28 2017-09-28 A kind of cross-platform heterogeneous system login method based on intelligent code key certification

Publications (1)

Publication Number Publication Date
CN107508837A true CN107508837A (en) 2017-12-22

Family

ID=60699104

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710898258.1A Pending CN107508837A (en) 2017-09-28 2017-09-28 A kind of cross-platform heterogeneous system login method based on intelligent code key certification

Country Status (1)

Country Link
CN (1) CN107508837A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101771722A (en) * 2009-12-25 2010-07-07 中兴通讯股份有限公司 System and method for WAPI terminal to access Web application site
CN102655494A (en) * 2011-03-01 2012-09-05 广州从兴电子开发有限公司 SAML (Security Assertion Markup Language)-based authentication platform designed in single log-in mode
US8745718B1 (en) * 2012-08-20 2014-06-03 Jericho Systems Corporation Delivery of authentication information to a RESTful service using token validation scheme

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
刘秉凯: "Design and implementation of a PKI-based unified identity authentication service ***", China Master's Theses Full-text Database (electronic journal), Information Science and Technology *
杜乐: "Research on data security of the Chongqing geological survey ***", China Master's Theses Full-text Database (electronic journal), Information Science and Technology *

Cited By (30)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108322468A (en) * 2018-02-02 2018-07-24 广州南洋理工职业学院 Identity authorization system
CN108449361A (en) * 2018-04-25 2018-08-24 苏州云坤信息科技有限公司 It is a kind of that login identity identifying method is exempted from based on application gateway
CN109831408A (en) * 2018-12-13 2019-05-31 平安万家医疗投资管理有限责任公司 Single-sign-on subsystem publishes method and system
CN110334489A (en) * 2019-07-12 2019-10-15 广州大白互联网科技有限公司 A kind of unified single sign-on system and method
CN110706143A (en) * 2019-09-26 2020-01-17 中电万维信息技术有限责任公司 Identity authentication method and device based on government affair service
CN110830493A (en) * 2019-11-14 2020-02-21 北京京航计算通讯研究所 Single sign-on implementation method based on intelligent enterprise portal
CN110830493B (en) * 2019-11-14 2022-02-25 北京京航计算通讯研究所 Single sign-on implementation method based on intelligent enterprise portal
CN111107055A (en) * 2019-11-22 2020-05-05 航天信息股份有限公司 Method and system for realizing user authentication login of CA unified authentication platform
CN111107055B (en) * 2019-11-22 2023-01-10 航天信息股份有限公司 Method and system for realizing user authentication login of CA unified authentication platform
CN111107063A (en) * 2019-12-04 2020-05-05 海南新软软件有限公司 Login method and device
CN111107063B (en) * 2019-12-04 2022-04-22 海南新软软件有限公司 Login method and device
CN113037686A (en) * 2019-12-24 2021-06-25 中国电信股份有限公司 Multi-database secure communication method and system, computer readable storage medium
CN113037686B (en) * 2019-12-24 2022-11-29 中国电信股份有限公司 Multi-database secure communication method and system, computer readable storage medium
CN111444499A (en) * 2020-03-31 2020-07-24 中国人民解放军海军潜艇学院 User identity authentication method and system
CN111444499B (en) * 2020-03-31 2022-12-06 中国人民解放军海军潜艇学院 User identity authentication method and system
CN111881443A (en) * 2020-06-16 2020-11-03 苏州浪潮智能科技有限公司 Multi-user authentication method and system based on AI training management platform
CN111797378A (en) * 2020-07-06 2020-10-20 遵义科晟云达科技有限公司 Multiple identity management authentication platform of people's society information
CN112818333B (en) * 2021-01-30 2022-04-05 郑州信大捷安信息技术股份有限公司 Switching login authentication and communication method and system for intelligent password key
CN112818333A (en) * 2021-01-30 2021-05-18 郑州信大捷安信息技术股份有限公司 Switching login authentication and communication method and system for intelligent password key
CN112800411A (en) * 2021-02-19 2021-05-14 浪潮云信息技术股份公司 Multi-protocol and multi-mode supporting safe and reliable identity authentication method and device
CN114338224A (en) * 2022-01-17 2022-04-12 广东好太太智能家居有限公司 Intelligent hardware cross-platform control method and system
CN114338224B (en) * 2022-01-17 2024-04-12 广东好太太智能家居有限公司 Cross-platform control method and system for intelligent hardware
CN115001777A (en) * 2022-05-25 2022-09-02 公安部户政管理研究中心 Cross-service portal system management method
CN115118454A (en) * 2022-05-25 2022-09-27 四川中电启明星信息技术有限公司 Cascade authentication system and method based on mobile application
CN115118454B (en) * 2022-05-25 2023-06-30 四川中电启明星信息技术有限公司 Cascade authentication system and authentication method based on mobile application
CN115225323A (en) * 2022-06-15 2022-10-21 福建海峡基石科技集团有限公司 Public certificate-based password-free authentication method
CN116233122B (en) * 2023-05-06 2023-07-04 上海观安信息技术股份有限公司 Heterogeneous server login method, device, equipment and medium
CN116233122A (en) * 2023-05-06 2023-06-06 上海观安信息技术股份有限公司 Heterogeneous server login method, device, equipment and medium
CN117040927A (en) * 2023-10-08 2023-11-10 深圳奥联信息安全技术有限公司 Password service monitoring system and method
CN117040927B (en) * 2023-10-08 2024-02-06 深圳奥联信息安全技术有限公司 Password service monitoring system and method

Similar Documents

Publication Publication Date Title
CN107508837A (en) A kind of cross-platform heterogeneous system login method based on intelligent code key certification
CN102333075B (en) VPN network client for mobile device having fast reconnect
CN102316093B (en) Dual-Mode Multi-Service VPN Network Client for Mobile Device
CN102333110B (en) VPN network client for mobile device having fast reconnect
CN102316092B (en) VPN network client for mobile device having fast reconnect
US8751794B2 (en) System and method for secure nework login
US9300653B1 (en) Delivery of authentication information to a RESTful service using token validation scheme
CN102457507B (en) Cloud computing resources secure sharing method, Apparatus and system
CN102316153B (en) VPN network client for mobile device having dynamically constructed display for native access to web mail
CN107294916B (en) Single-point logging method, single-sign-on terminal and single-node login system
CN106063308B (en) Device, identity and event management system based on user identifier
CN105592003B (en) A kind of cross-domain single login method and system based on notice
CN107733861A (en) It is a kind of based on enterprise-level intranet and extranet environment without password login implementation method
CN104378210A (en) Cross-trust-domain identity authentication method
CN103152179A (en) Uniform identity authentication method suitable for multiple application systems
Berbecaru et al. Providing login and Wi-Fi access services with the eIDAS network: A practical approach
CN102893575B (en) By means of the disposal password of IPSEC and IKE the 1st edition certification
CN102655494A (en) SAML (Security Assertion Markup Language)-based authentication platform designed in single log-in mode
CN101902327A (en) Method and device for realizing single-point log-in and system thereof
US10601809B2 (en) System and method for providing a certificate by way of a browser extension
CN109040069A (en) A kind of dissemination method, delivery system and the access method of cloud application program
CN103023856A (en) Single sign-on method, single sign-on system, information processing method and information processing system
CN109587100A (en) A kind of cloud computing platform user authentication process method and system
CN102420808B (en) Method for realizing single signon on telecom on-line business hall
CN107294935A (en) Virtual private network access methods, devices and systems

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20171222