CN109040030A - Single-point logging method and system - Google Patents
Single-point logging method and system Download PDFInfo
- Publication number
- CN109040030A CN109040030A CN201810783415.9A CN201810783415A CN109040030A CN 109040030 A CN109040030 A CN 109040030A CN 201810783415 A CN201810783415 A CN 201810783415A CN 109040030 A CN109040030 A CN 109040030A
- Authority
- CN
- China
- Prior art keywords
- authorization code
- user
- authentication
- sent
- application system
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 48
- 238000013475 authorization Methods 0.000 claims abstract description 136
- 230000005540 biological transmission Effects 0.000 claims abstract description 30
- 238000004590 computer program Methods 0.000 claims description 9
- 230000001052 transient effect Effects 0.000 claims description 3
- 238000010586 diagram Methods 0.000 description 9
- 230000003993 interaction Effects 0.000 description 5
- 238000005516 engineering process Methods 0.000 description 3
- 230000004913 activation Effects 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000009434 installation Methods 0.000 description 1
- 230000010354 integration Effects 0.000 description 1
- 230000002452 interceptive effect Effects 0.000 description 1
- 230000026676 system process Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Software Systems (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Telephonic Communication Services (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The embodiment of the present invention provides a kind of single-point logging method and system.The system comprises: workspace, Authentication Client and certificate server, workspace is integrated with the application system of multiple single-sign-ons, Authentication Client is used to receive the account information or authentication information of user's input, enters workspace when account information or correct authentication information;Application system is used for after receiving the open instructions of user, and the request for obtaining authorization code is sent to Authentication Client, receives the authorization code that Authentication Client is sent, authorization code is sent to certificate server;Authentication Client is also used to obtain authorization code by certificate server, and authorization code is returned to application system;Certificate server is also used to verify the authorization code of application system transmission, account information is sent to application system after being proved to be successful, so that application system is logged in.The embodiment of the present invention avoids account information in transmission over networks, improves safety.
Description
Technical field
The present embodiments relate to field of computer technology more particularly to a kind of single-point logging method and systems.
Background technique
Currently, mobile office is more and more common in large enterprise, but the application system of various businesses requires difference
Authentication, user are switched in another application system from an application system, need continually to carry out authentication, give
Office worker makes troubles, and single-sign-on provides a kind of solution of a whole set of mobile office business integration, and user only needs to step on
Record can once access the application system of all mutual trusts.
The implementation method of single-sign-on is relatively more at present, but all needs a large amount of network interaction process and need user
The account information of login transmits on the internet, can there is the risk attacked by outer net, the safety of application system in transmission process
Property cannot be protected.
Summary of the invention
For prior art problem, the embodiment of the present invention provides a kind of single-point logging method and system.
On the one hand, the embodiment of the present invention provides a kind of single-node login system, the system comprises:
Workspace, Authentication Client and certificate server, the workspace are integrated with the application system of multiple single-sign-ons
System, the Authentication Client are the entrance of workspace, in which:
The Authentication Client, for receiving the account information or authentication information of user's input, when user's input
When account information or correct authentication information, into workspace;
The application system, for being sent to Authentication Client and obtaining authorization code after receiving the open instructions of user
Request, be also used to receive the authorization code of Authentication Client transmission, and authorization code be sent to the certificate server;
The Authentication Client is also used to receive the request of the acquisition authorization code of application system transmission, passes through the certification
Server obtains authorization code, and authorization code is returned to the application system;
The certificate server is also used to verify the authorization code of application system transmission, after a successful authentication, by account
Information is sent to application system, so that the application system is logged in.
On the other hand, the embodiment of the present invention provides a kind of single-point logging method, which comprises
Authentication Client receives the account information or authentication information of user's input, when the account information of user's input
Or authentication information it is correct when, into workspace;
Application system sends the request for obtaining authorization code to Authentication Client after receiving the open instructions of user;
Authentication Client receives the request for the acquisition authorization code that application system is sent, and is obtained by the certificate server
Authorization code, and authorization code is returned into application system;
Application system receives the authorization code that Authentication Client is sent, and authorization code is sent to the certificate server;
Account information is sent to and answers after a successful authentication by the authorization code that certificate server verifying application system is sent
With system, so that the application system is logged in.
On the other hand, the embodiment of the present invention also provides a kind of electronic equipment, including memory, processor and is stored in
On memory and the computer program that can run on a processor, the processor realize such as above-mentioned list when executing described program
The step of point login method.
On the other hand, the embodiment of the present invention also provides a kind of non-transient computer readable storage medium, is stored thereon with meter
Calculation machine program is realized when described program is executed by processor such as the step of above-mentioned single-point logging method.
The embodiment of the present invention verifies application system by certificate server, avoids account information on network
Transmission, improves the safety of single-sign-on.
Detailed description of the invention
In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, below will to embodiment or
Attached drawing needed to be used in the description of the prior art is briefly described, it should be apparent that, the accompanying drawings in the following description is this
Some embodiments of invention without creative efforts, may be used also for those of ordinary skill in the art
To obtain other drawings based on these drawings.
Fig. 1 is the structural schematic diagram for the single-node login system that one embodiment of the invention provides;
Fig. 2 is the flow diagram for the single-point logging method that one embodiment of the invention provides;
Fig. 3 is the flow diagram for the single-point logging method that further embodiment of this invention provides;
Fig. 4 is the structural schematic diagram for the electronic equipment that one embodiment of the invention provides.
Specific embodiment
In order to make the object, technical scheme and advantages of the embodiment of the invention clearer, below in conjunction with the embodiment of the present invention
In attached drawing, technical scheme in the embodiment of the invention is clearly and completely described, it is clear that described embodiment is
A part of the embodiment of the present invention, instead of all the embodiments.Based on the embodiments of the present invention, ordinary skill people
Member's every other embodiment obtained without creative efforts, shall fall within the protection scope of the present invention.
Fig. 1 shows a kind of structural schematic diagram of single-node login system provided in an embodiment of the present invention.
Single-node login system provided in an embodiment of the present invention includes: workspace, Authentication Client and certificate server, institute
It states workspace and is integrated with the application system of multiple single-sign-ons, the Authentication Client is the entrance of workspace, referring to Fig.1, with
Illustrate the structural schematic diagram of single-node login system provided in an embodiment of the present invention for one application system:
The Authentication Client, for receiving the account information or authentication information of user's input, when user's input
When account information or correct authentication information, into workspace;
The application system, for being sent to Authentication Client and obtaining authorization code after receiving the open instructions of user
Request, be also used to receive the authorization code of Authentication Client transmission, and authorization code be sent to the certificate server;
The Authentication Client is also used to receive the request of the acquisition authorization code of application system transmission, passes through the certification
Server obtains authorization code, and authorization code is returned to the application system;
The certificate server is also used to verify the authorization code of application system transmission, after a successful authentication, by account
Information is sent to application system, so that the application system is logged in.
The embodiment of the present invention verifies application system by certificate server, avoids account information on network
Transmission, improves the safety of single-sign-on.
Workspace provided in an embodiment of the present invention provides the ability of single-sign-on for trusted application, and all progress are single
The application system that point logs in is integrated in workspace, and Authentication Client is the entrance of workspace, and user is entering workspace
Before, need to unlock the interface of workspace by input account password or specific authentication (such as gesture authentication),
To which using each application in workspace, Authentication Client provides the security guarantee of caller identity for workspace.
Each application system in workspace is obtained to Authentication Client and is authorized after receiving the open instructions of user
Code.Authentication Client carries the mark of application system after receiving the request of acquisition authorization code of application system transmission
To certificate server request authorization code, the authorization code that then will acquire is sent to application system.Application system is being got
After authorization code, authorization code is sent to certificate server, to be made whether the verifying for trusted application.Certificate server pair
After the completion of application system verifying, if be proved to be successful, the account information registered customers as is sent to application system, to realize
The single-sign-on of application system.
Workspace provides single-sign-on for all application systems, such as mobile office business, workspace provides a whole set of
Mobile office single-sign-on, it is only necessary to be logged in once in workspace, all mobile office applications do not need voluntarily to log in, directly
Taking out can handle official business.
It should be noted that above-mentioned interaction flow is all consistency operation, user's unaware improves user experience.
Single-node login system provided in an embodiment of the present invention verifies application system by certificate server, in work
Make to open trusted application system in area and do not need to frequently enter password, realizes that the single-sign-on of each application system, safety are high
Effect.
Specifically, the Authentication Client is after receiving the request of acquisition authorization code of application system transmission, to institute
It states certificate server and sends the request for carrying the acquisition authorization code of the application system mark (such as application system packet name);
The certificate server receives the request for the acquisition authorization code that the Authentication Client is sent, and generates add at random
The authorization code of generation is sent to the Authentication Client by close authorization code.
In the specific implementation process, the authorization code that application system is obtained to Authentication Client is Authentication Client by recognizing
Service acquisition is demonstrate,proved, is encrypted characters string encoding that certificate server generates at random, therefore application system carries authorization code to recognizing
When card server is verified, certificate server can recognize that this authorization code is the authentication code for itself issuing out, so as to
Enough think that the user for opening the application system is trusted user, and then the account information registered customers as is sent to using system
System, logs in application system, and no longer needing to input account information can directly open, and realizes single-sign-on.
On the basis of the above embodiments, the application system includes: applications client and application server, in which:
The applications client, for being sent to Authentication Client and obtaining authorization after receiving the open instructions of user
The request of code is also used to after the authorization code for receiving Authentication Client transmission, sends corresponding application service for authorization code
Device;
The application server for receiving the authorization code of applications client transmission, and authorization code is sent to and described is recognized
Demonstrate,prove server;
The certificate server, for verifying the authorization code of application server transmission, after being proved to be successful, by account
Information is sent to application server, so that the application server is logged in.
In above-mentioned interaction flow, the verifying of authorization code and the interaction of account information are all in application server and certification clothes
It is carried out between business device, account information is not transmitted on the internet in the interactive process of above-mentioned realization single-sign-on, is mentioned
The high safety of account information.
Usual certificate server is deployed in Intranet, and application server can be deployed in public network or Intranet, therefore authenticate clothes
Business device is only interacted with the application server of fixed IP, can reduce the probability that certificate server is attacked by outer net, and it is logical to improve network
The safety in road.By application server deployment in Intranet, the interaction of account information can be made to carry out all between Intranet, safety
Property and speed can ensure.
The certificate server is also used to after the authorization code verifying that application server is sent is completed, by authorization code
It destroys.
Specifically, authorization code is disposable random code, and workspace and applications client do not save, certificate server
Verifying is completed directly to destroy, and can prevent usurping for authorization code, improve the safety of verifying.
On the basis of the above embodiments, the embodiment of the invention also includes:
The workspace, for after receiving the open instructions of user, starting the Authentication Client;
The Authentication Client receives user and sets for receiving the account information of user's input when logging in first time
The authentication information set verifies the authentication letter of user's input when logging on no more than user in given number of days
Breath;
It is also used to prompt user to re-enter account information when being more than that user logs on after the given number of days, and
Verify the account information of user's input.
Specifically, workspace is firstly the need of installation Authentication Client, when workspace is registered in initial activation, calls certification visitor
Family end prompts user to input account information (including username and password), by rear prompt user setting authentication information,
Enter workspace after being provided with.
When user is again introduced into workspace, one-time identity authentication information only need to be inputted, workspace can be entered;If super
After crossing certain number of days, user, which logs on, to need to re-enter username and password.
Specifically, the authentication information of the user setting includes: gesture, password and fingerprint.
The embodiment of the present invention also provides a kind of single-point logging method.
Fig. 2 shows the flow diagrams for the single-point logging method that the embodiment of the present invention proposes.
Referring to Fig. 2, single-point logging method that the embodiment of the present invention proposes specifically includes the following steps:
S11, Authentication Client receive the account information or authentication information of user's input, when the account of user's input
When information or correct authentication information, into workspace;
S12, application system send to Authentication Client after receiving the open instructions of user and obtain asking for authorization code
It asks;
S13, Authentication Client receive the request for the acquisition authorization code that application system is sent, and pass through the certificate server
Authorization code is obtained, and authorization code is returned into application system;
S14, application system receive the authorization code that Authentication Client is sent, and authorization code is sent to the authentication service
Device;
The authorization code that S15, certificate server verifying application system are sent after a successful authentication sends account information
To application system, so that the application system is logged in.
Single-point logging method provided in an embodiment of the present invention is verified application system by certificate server, is avoided
Account information improves the safety of single-sign-on in transmission over networks.
Specifically, the Authentication Client includes: by certificate server acquisition authorization code
Authentication Client is after receiving the request of acquisition authorization code of application system transmission, to the authentication service
Device sends the request for carrying the acquisition authorization code of the application system mark;
The certificate server receives the request for the acquisition authorization code that the Authentication Client is sent, and generates add at random
The authorization code of generation is sent to the Authentication Client by close authorization code.
Specifically, the method also includes:
The applications client sends to Authentication Client after receiving the open instructions of user and obtains authorization code
Request sends corresponding application server for authorization code after the authorization code for receiving Authentication Client transmission;
Application server receives the authorization code that applications client is sent, and authorization code is sent to the certificate server;
Account information is sent to by the authorization code that certificate server verifying application server is sent after being proved to be successful
Application server, so that the application server is logged in.
Specifically, the method also includes:
The certificate server destroys authorization code after the authorization code verifying that application server is sent is completed.
Specifically, the method also includes:
Workspace starts the Authentication Client after receiving the open instructions of user;
Authentication Client receives the account information of user's input when logging in first time, and the identity for receiving user setting is recognized
Information is demonstrate,proved, when logging on no more than user in given number of days, verifies the authentication information of user's input;
When being more than that user logs on after the given number of days, Authentication Client prompt user re-enters account letter
Breath, and verify the account information of user's input.
Specifically, the authentication information of the user setting includes: gesture, password and fingerprint.
Single-point logging method provided in an embodiment of the present invention is described in detail with specific example below.
Fig. 3 shows the flow diagram for inventing the single-point logging method that another embodiment provides.
It is Authentication Client referring to Fig. 3,360ID, 360ID server is certificate server, and it is nature's mystery workspace that OA, which is applied,
An APP, nature's mystery workspace provides single sign-on capability for all application systems.
Single-point logging method provided in an embodiment of the present invention specifically includes process and opening OA system into nature's mystery workspace
The process of system.
Into nature's mystery workspace process specifically includes the following steps:
User opens nature's mystery workspace;360ID client automatically wakes up;360ID client is carried out to 360ID server
Authentication;Enter nature's mystery workspace after being proved to be successful.
Open OA system process specifically includes the following steps:
User opens OA application;360ID client is aroused in OA application;360ID client is obtained by 360ID server
Authorization code;360ID client sends authorization code to OA application;Authorization code will be sent to OA server by OA application;OA application
Send authorization code to OA server;Authorization code is sent to 360ID server by OA server;360ID server authentication success
Afterwards, account information OA server is sent to log in.
The embodiment of the present invention also provides a kind of electronic equipment, including memory, processor and storage are on a memory and can
The computer program run on a processor, the processor realize the method such as Fig. 2 when executing described program.
Fig. 4 shows the structural schematic diagram of the electronic equipment of one embodiment of the invention offer.
As shown in figure 4, electronic equipment provided in an embodiment of the present invention include memory 21, processor 22, bus 23 and
It is stored in the computer program that can be run on memory 21 and on processor 22.Wherein, the memory 21, processor 22
Mutual communication is completed by the bus 23.
The processor 22 is used to call the program instruction in the memory 21, realizes such as when executing described program
The method of Fig. 2.
For example, the processor realizes following method when executing described program:
Authentication Client receives the account information or authentication information of user's input, when the account information of user's input
Or authentication information it is correct when, into workspace;
Application system sends the request for obtaining authorization code to Authentication Client after receiving the open instructions of user;
Authentication Client receives the request for the acquisition authorization code that application system is sent, and is obtained by the certificate server
Authorization code, and authorization code is returned into application system;
Application system receives the authorization code that Authentication Client is sent, and authorization code is sent to the certificate server;
Account information is sent to and answers after a successful authentication by the authorization code that certificate server verifying application system is sent
With system, so that the application system is logged in.
Electronic equipment provided in an embodiment of the present invention verifies application system by certificate server, avoids account
Family information improves the safety of single-sign-on in transmission over networks.
The embodiment of the present invention also provides a kind of non-transient computer readable storage medium, is stored on the storage medium
Computer program is realized when described program is executed by processor such as the step of Fig. 2.
For example, the processor realizes following method when executing described program:
Authentication Client receives the account information or authentication information of user's input, when the account information of user's input
Or authentication information it is correct when, into workspace;
Application system sends the request for obtaining authorization code to Authentication Client after receiving the open instructions of user;
Authentication Client receives the request for the acquisition authorization code that application system is sent, and is obtained by the certificate server
Authorization code, and authorization code is returned into application system;
Application system receives the authorization code that Authentication Client is sent, and authorization code is sent to the certificate server;
Account information is sent to and answers after a successful authentication by the authorization code that certificate server verifying application system is sent
With system, so that the application system is logged in.
Non-transient computer readable storage medium provided in an embodiment of the present invention, by certificate server to application system
It is verified, avoids account information in transmission over networks, improve the safety of single-sign-on.
One embodiment of the invention discloses a kind of computer program product, and the computer program product is non-including being stored in
Computer program in transitory computer readable storage medium, the computer program include program instruction, when described program refers to
When order is computer-executed, computer is able to carry out method provided by above-mentioned each method embodiment, for example,
Authentication Client receives the account information or authentication information of user's input, when the account information of user's input
Or authentication information it is correct when, into workspace;
Application system sends the request for obtaining authorization code to Authentication Client after receiving the open instructions of user;
Authentication Client receives the request for the acquisition authorization code that application system is sent, and is obtained by the certificate server
Authorization code, and authorization code is returned into application system;
Application system receives the authorization code that Authentication Client is sent, and authorization code is sent to the certificate server;
Account information is sent to and answers after a successful authentication by the authorization code that certificate server verifying application system is sent
With system, so that the application system is logged in.
It will be appreciated by those of skill in the art that although some embodiments described herein include other embodiments institute
Including certain features rather than other feature, but the combination of the feature of different embodiment means to be in model of the invention
Within enclosing and form different embodiments.
Through the above description of the embodiments, those skilled in the art can be understood that each embodiment
It can realize by means of software and necessary general hardware platform, naturally it is also possible to pass through hardware.Based on such reason
Solution, substantially the part that contributes to existing technology can embody above-mentioned technical proposal in the form of software products in other words
Out, which may be stored in a computer readable storage medium, such as ROM/RAM, magnetic disk, CD, packet
Some instructions are included to use so that a computer equipment (can be personal computer, server or the network equipment etc.) executes
Method described in certain parts of each embodiment or embodiment.
Finally, it should be noted that the above embodiments are merely illustrative of the technical solutions of the present invention, rather than its limitations;To the greatest extent
Present invention has been described in detail with reference to the aforementioned embodiments for pipe, those skilled in the art should understand that: it is still
It is possible to modify the technical solutions described in the foregoing embodiments, or part of technical characteristic is equally replaced
It changes;And these are modified or replaceed, the essence for technical solution of various embodiments of the present invention that it does not separate the essence of the corresponding technical solution
Mind and range.
Claims (14)
1. a kind of single-node login system, which is characterized in that the system comprises:
Workspace, Authentication Client and certificate server, the workspace is integrated with the application system of multiple single-sign-ons, described
Authentication Client is the entrance of workspace, in which:
The Authentication Client, for receiving the account information or authentication information of user's input, when the account of user's input
When information or correct authentication information, into workspace;
The application system, for being sent to Authentication Client and obtaining asking for authorization code after receiving the open instructions of user
It asks, is also used to receive the authorization code of Authentication Client transmission, and authorization code is sent to the certificate server;
The Authentication Client is also used to receive the request of the acquisition authorization code of application system transmission, passes through the authentication service
Device obtains authorization code, and authorization code is returned to the application system;
The certificate server, the authorization code for being also used to verify application system transmission after a successful authentication send out account information
Application system is given, so that the application system is logged in.
2. system according to claim 1, which is characterized in that
The Authentication Client is after receiving the request of acquisition authorization code of application system transmission, to the certificate server
Send the request for carrying the acquisition authorization code of the application system mark;
The certificate server receives the request for the acquisition authorization code that the Authentication Client is sent, and generates awarding for encryption at random
The authorization code of generation is sent to the Authentication Client by weighted code.
3. system according to claim 2, which is characterized in that the application system includes: applications client and application clothes
Business device, in which:
The applications client, for being sent to Authentication Client and obtaining authorization code after receiving the open instructions of user
Request is also used to after the authorization code for receiving Authentication Client transmission, sends corresponding application server for authorization code;
Authorization code for receiving the authorization code of applications client transmission, and is sent to the certification and taken by the application server
Business device;
The certificate server, the authorization code for verifying application server transmission send out account information after being proved to be successful
Application server is given, so that the application server is logged in.
4. system according to claim 3, which is characterized in that
The certificate server is also used to after the authorization code verifying that application server is sent is completed, authorization code is destroyed.
5. system according to claim 1, which is characterized in that
The workspace, for after receiving the open instructions of user, starting the Authentication Client;
The Authentication Client, for receiving the account information of user's input, receiving the body of user setting when logging in first time
Part authentication information verifies the authentication information of user's input when logging on no more than user in given number of days;
It is also used to prompt user to re-enter account information, and verify when being more than that user logs on after the given number of days
The account information of user's input.
6. according to the method described in claim 5, it is characterized in that, the authentication information of the user setting include: gesture,
Password and fingerprint.
7. a kind of single-point logging method, which is characterized in that the described method includes:
Authentication Client receives the account information or authentication information of user's input, when the account information or identity of user's input
When authentication information is correct, into workspace;
Application system sends the request for obtaining authorization code to Authentication Client after receiving the open instructions of user;
Authentication Client receives the request for the acquisition authorization code that application system is sent, and is obtained and is authorized by the certificate server
Code, and authorization code is returned into application system;
Application system receives the authorization code that Authentication Client is sent, and authorization code is sent to the certificate server;
Certificate server verifies the authorization code that application system is sent, and after a successful authentication, account information is sent to using system
System, so that the application system is logged in.
8. the method according to the description of claim 7 is characterized in that the Authentication Client is obtained by the certificate server
Authorization code includes:
Authentication Client is sent after receiving the request of acquisition authorization code of application system transmission to the certificate server
Carry the request of the acquisition authorization code of the application system mark;
The certificate server receives the request for the acquisition authorization code that the Authentication Client is sent, and generates awarding for encryption at random
The authorization code of generation is sent to the Authentication Client by weighted code.
9. according to the method described in claim 8, it is characterized in that, the method also includes:
The applications client sends the request for obtaining authorization code to Authentication Client after receiving the open instructions of user,
After the authorization code for receiving Authentication Client transmission, corresponding application server is sent by authorization code;
Application server receives the authorization code that applications client is sent, and authorization code is sent to the certificate server;
Account information is sent to application after being proved to be successful by the authorization code that certificate server verifying application server is sent
Server, so that the application server is logged in.
10. according to the method described in claim 9, it is characterized in that, the method also includes:
The certificate server destroys authorization code after the authorization code verifying that application server is sent is completed.
11. the method according to the description of claim 7 is characterized in that the method also includes:
Workspace starts the Authentication Client after receiving the open instructions of user;
Authentication Client receives the account information of user's input when logging in first time, receives the authentication letter of user setting
Breath verifies the authentication information of user's input when logging on no more than user in given number of days;
When being more than that user logs on after the given number of days, Authentication Client prompt user re-enters account information, and
Verify the account information of user's input.
12. according to the method for claim 11, which is characterized in that the authentication information of the user setting includes: hand
Gesture, password and fingerprint.
13. a kind of electronic equipment including memory, processor and stores the calculating that can be run on a memory and on a processor
Machine program, which is characterized in that realize that the single-point as described in any one of claim 7 to 12 is stepped on when the processor executes described program
The step of recording method.
14. a kind of non-transient computer readable storage medium, is stored thereon with computer program, which is characterized in that the computer
It is realized when program is executed by processor as described in any one of claim 7 to 12 the step of single-point logging method.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810783415.9A CN109040030B (en) | 2018-07-17 | 2018-07-17 | Single sign-on method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810783415.9A CN109040030B (en) | 2018-07-17 | 2018-07-17 | Single sign-on method and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109040030A true CN109040030A (en) | 2018-12-18 |
| CN109040030B CN109040030B (en) | 2021-08-27 |
Family
ID=64642982
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810783415.9A Active CN109040030B (en) | 2018-07-17 | 2018-07-17 | Single sign-on method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109040030B (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111178995A (en) * | 2019-12-31 | 2020-05-19 | 航天信息股份有限公司企业服务分公司 | Method and system for bill processing based on cloud bill system |
| CN111342964A (en) * | 2020-05-15 | 2020-06-26 | 深圳竹云科技有限公司 | Single sign-on method, device and system |
| CN113572789A (en) * | 2021-08-17 | 2021-10-29 | 四川启睿克科技有限公司 | Secret-free login system and method for Internet of things intelligent equipment application |
| CN114978702A (en) * | 2022-05-24 | 2022-08-30 | 上海哔哩哔哩科技有限公司 | Account management method, account management platform and account management system |
| CN115002057A (en) * | 2022-05-26 | 2022-09-02 | 威艾特科技(深圳)有限公司 | Distributed multi-server instant messaging method |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101202753A (en) * | 2007-11-29 | 2008-06-18 | 中国电信股份有限公司 | Method and device for accessing plug-in connector applied system by client terminal |
| CN103227799A (en) * | 2013-05-13 | 2013-07-31 | 山东临沂烟草有限公司 | Implementing method of unified user management and single sign-on platform based on multiple application systems |
| CN103929421A (en) * | 2014-04-03 | 2014-07-16 | 深圳英飞拓科技股份有限公司 | Single sign-on system and method of security and protection system |
| JP2018110012A (en) * | 2018-02-16 | 2018-07-12 | 株式会社アクシオ | Authentication system and authentication method |
-
2018
- 2018-07-17 CN CN201810783415.9A patent/CN109040030B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101202753A (en) * | 2007-11-29 | 2008-06-18 | 中国电信股份有限公司 | Method and device for accessing plug-in connector applied system by client terminal |
| CN103227799A (en) * | 2013-05-13 | 2013-07-31 | 山东临沂烟草有限公司 | Implementing method of unified user management and single sign-on platform based on multiple application systems |
| CN103929421A (en) * | 2014-04-03 | 2014-07-16 | 深圳英飞拓科技股份有限公司 | Single sign-on system and method of security and protection system |
| JP2018110012A (en) * | 2018-02-16 | 2018-07-12 | 株式会社アクシオ | Authentication system and authentication method |
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111178995A (en) * | 2019-12-31 | 2020-05-19 | 航天信息股份有限公司企业服务分公司 | Method and system for bill processing based on cloud bill system |
| CN111178995B (en) * | 2019-12-31 | 2023-12-01 | 航天信息股份有限公司企业服务分公司 | Method and system for processing bill based on cloud bill system |
| CN111342964A (en) * | 2020-05-15 | 2020-06-26 | 深圳竹云科技有限公司 | Single sign-on method, device and system |
| CN111342964B (en) * | 2020-05-15 | 2020-08-11 | 深圳竹云科技有限公司 | Single sign-on method, device and system |
| CN113572789A (en) * | 2021-08-17 | 2021-10-29 | 四川启睿克科技有限公司 | Secret-free login system and method for Internet of things intelligent equipment application |
| CN114978702A (en) * | 2022-05-24 | 2022-08-30 | 上海哔哩哔哩科技有限公司 | Account management method, account management platform and account management system |
| CN114978702B (en) * | 2022-05-24 | 2024-03-19 | 上海哔哩哔哩科技有限公司 | Account management method, platform and system, computing device and readable storage medium |
| CN115002057A (en) * | 2022-05-26 | 2022-09-02 | 威艾特科技(深圳)有限公司 | Distributed multi-server instant messaging method |
| CN115002057B (en) * | 2022-05-26 | 2024-04-12 | 威艾特科技(深圳)有限公司 | Distributed multi-server instant messaging method |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109040030B (en) | 2021-08-27 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11657396B1 (en) | System and method for bluetooth proximity enforced authentication | |
| US11290464B2 (en) | Systems and methods for adaptive step-up authentication | |
| EP3195108B1 (en) | System and method for integrating an authentication service within a network architecture | |
| CN109040030A (en) | Single-point logging method and system | |
| CN101227468B (en) | Method, device and system for authenticating user to network | |
| US8955076B1 (en) | Controlling access to a protected resource using multiple user devices | |
| CN101515932B (en) | Method and system for accessing Web service safely | |
| US11018867B1 (en) | Asynchronous step-up authentication for client applications | |
| US8856892B2 (en) | Interactive authentication | |
| JP6498358B2 (en) | Integrated authentication system that authenticates using disposable random numbers | |
| Ceccarelli et al. | Continuous and transparent user identity verification for secure internet services | |
| CN106921663B (en) | Identity continuous authentication system and method based on intelligent terminal software/intelligent terminal | |
| CN101257489A (en) | Method for protecting account number safety | |
| CN110149328A (en) | Interface method for authenticating, device, equipment and computer readable storage medium | |
| CN111062023B (en) | Method and device for realizing single sign-on of multi-application system | |
| CN104734849A (en) | Method and system for conducting authentication on third-party application | |
| CN104580184A (en) | Identity authentication method for mutual-trust application systems | |
| CN105703910A (en) | Dynamic password verifying method based on Wechat service number | |
| CN103902880A (en) | Windows system two-factor authentication method based on challenge responding type dynamic passwords | |
| CN103986734A (en) | Authentication management method and authentication management system applicable to high-security service system | |
| CN104104671B (en) | Establish the unified dynamic authorization code system of business entity's account | |
| CN110175448A (en) | A kind of credible equipment login authentication method and the application system with authentication function | |
| CN104009963B (en) | The security authentication mechanism of remote password | |
| KR20160037520A (en) | System and method for federated authentication based on biometrics | |
| EP3036674B1 (en) | Proof of possession for web browser cookie based security tokens |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information |
Address after: Room 332, 3 / F, Building 102, 28 xinjiekouwei street, Xicheng District, Beijing 100088 Applicant after: QAX Technology Group Inc. Address before: 100015 15, 17 floor 1701-26, 3 building, 10 Jiuxianqiao Road, Chaoyang District, Beijing. Applicant before: BEIJING QIANXIN TECHNOLOGY Co.,Ltd. |
|
| CB02 | Change of applicant information | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |