CN112613010A - Authentication service method, device, server and authentication service system - Google Patents

Publication number
CN112613010A
Authority
CN
China
Prior art keywords
target user
user
authority information
application system
server
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011585266.9A
Other languages
Chinese (zh)
Inventor
罗立明
齐红梅
王林宝
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
21VIANET GROUP Inc
Original Assignee
21VIANET GROUP Inc
Application filed by 21VIANET GROUP Inc
Priority to CN202011585266.9A
Publication of CN112613010A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiments of the application provide an authentication service method, an authentication service device, a server and an authentication service system. The method comprises: receiving a login request of a target user sent by a client, and verifying the login request based on a user login information database; if the verification is successful, acquiring the authority information of the target user in each application system from the user authority information database, and storing the authority information of the target user in each application system into a cache server; sending a login request verification success notification to a second authentication server, so that the second authentication server generates a ticket credential of the target user, establishes in the cache server a correspondence between the ticket credential of the target user and the authority information of the target user in each application system, and returns the ticket credential to the client as the access credential used when the target user accesses each application system. Because the authority authentication process in the embodiments of the application is performed based on the user authority information database, the information maintenance cost is low.

Description

Authentication service method, device, server and authentication service system
Technical Field
The embodiment of the application relates to the technical field of communication, in particular to an authentication service method, an authentication service device, a server and an authentication service system.
Background
With the continuous enrichment of business contents, more and more network application systems are built by enterprises. In order to facilitate the use of users, single sign-on is commonly realized among internal application systems, namely: in multiple application systems, a user only needs to log in once to access all mutually trusted application systems.
Due to differences of jobs, identities and the like, access permissions of different users in each application system may also be different, and the authentication process of single sign-on mainly includes: login authentication and authority authentication. At present, after a user is determined to log in successfully based on a user login information database, each application system is generally required to perform authority authentication on the user according to a corresponding relationship between the user and the authority stored in a local information database, so as to determine an access authority of the user in each application system.
The authentication process needs to be realized by each application system according to the corresponding relationship between the user and the authority stored in the information base of the application system, and each application system needs to maintain a set of information base containing the corresponding relationship between the user and the authority, so that the information maintenance cost is high.
Disclosure of Invention
The application aims to provide an authentication service method, an authentication service device, a server and an authentication service system, which are used for solving the problem of high information maintenance cost in the prior art.
According to a first aspect of the embodiments of the present application, there is provided an authentication service method applied to a first authentication server in an authentication service system, where the authentication service system further includes: a second authentication server, the method comprising:
receiving a login request of a target user sent by a client, and verifying the login request based on a user login information database;
if the verification is successful, acquiring the authority information of the target user in each application system from a user authority information database, and storing the authority information of the target user in each application system into a cache server; the user authority information database comprises: authority information of each user in each application system respectively;
sending a login request verification success notification to the second authentication server, so that the second authentication server generates a ticket credential of the target user, establishes in the cache server a correspondence between the ticket credential of the target user and the authority information of the target user in each application system, and returns the ticket credential to the client as the access credential used when the target user accesses each application system.
Optionally, the authentication service system further includes: an application program interface, API, gateway device;
the receiving of the login request of the target user sent by the client comprises:
receiving a login request of a target user sent by the API gateway equipment; the login request is received by the API gateway device from a client and forwarded to the first authentication server.
Optionally, the method further comprises:
receiving a ticket credential to be verified sent by an application system, where the ticket credential to be verified is obtained by the application system by parsing a resource access request received from a client;
determining whether the ticket credential to be verified exists in the cache server; if so, determining the user authority information corresponding to the ticket credential to be verified and returning it to the application system, so that the application system determines, according to that user authority information, whether the user has the authority to access the resource, and if so, allows the resource to be accessed; and if not, returning an access failure notification to the client.
According to a second aspect of the embodiments of the present application, there is provided an authentication service method applied to a second authentication server in an authentication service system, where the authentication service system further includes: a first authentication server, the method comprising:
receiving a login request verification success notification sent by the first authentication server, wherein the login request verification success notification is sent to the second authentication server when the first authentication server receives a login request of a target user sent by a client and verifies the login request successfully based on a user login information database;
generating a ticket credential of the target user, and establishing in a cache server a correspondence between the ticket credential of the target user and the authority information of the target user in each application system; the authority information of the target user in each application system is obtained by the first authentication server from a user authority information database and stored by the first authentication server in the cache server; the user authority information database comprises the authority information of each user in each application system;
and returning the ticket credential to the client as the access credential used when the target user accesses each application system.
According to a third aspect of the embodiments of the present application, there is provided an authentication service apparatus applied to a first authentication server in an authentication service system, the authentication service system further including: a second authentication server, the apparatus comprising:
a login request receiving module, configured to receive a login request of a target user sent by a client and to verify the login request;
the authority information caching module is used for acquiring the authority information of the target user in each application system from a user authority information database if the verification is successful, and storing the authority information of the target user in each application system into a caching server; the user authority information database comprises: authority information of each user in each application system respectively;
a notification sending module, configured to send a login request verification success notification to the second authentication server, so that the second authentication server generates a ticket credential of the target user, establishes in the cache server a correspondence between the ticket credential of the target user and the authority information of the target user in each application system, and returns the ticket credential to the client as the access credential used when the target user accesses each application system.
According to a fourth aspect of the embodiments of the present application, there is provided an authentication service apparatus applied to a second authentication server in an authentication service system, the authentication service system further including: a first authentication server, the apparatus comprising:
a notification receiving module, configured to receive a login request verification success notification sent by the first authentication server, where the login request verification success notification is sent to the second authentication server when the first authentication server receives a login request of a target user sent by a client and successfully verifies the login request;
a ticket credential generating module, configured to generate the ticket credential of the target user and to establish in the cache server a correspondence between the ticket credential of the target user and the authority information of the target user in each application system; the authority information of the target user in each application system is obtained by the first authentication server from a user authority information database and stored by the first authentication server in the cache server; the user authority information database comprises the authority information of each user in each application system;
and a ticket credential returning module, configured to return the ticket credential to the client as the access credential used when the target user accesses each application system.
According to a fifth aspect of embodiments of the present application, there is provided a server, including: one or more processors; a computer readable medium configured to store one or more programs which, when executed by the one or more processors, cause the one or more processors to implement the authentication service method of the first aspect described above.
According to a sixth aspect of embodiments of the present application, there is provided another server, including: one or more processors; a computer readable medium configured to store one or more programs which, when executed by the one or more processors, cause the one or more processors to implement the authentication service method of the second aspect described above.
According to a seventh aspect of embodiments of the present application, there is provided a computer-readable storage medium on which a computer program is stored, the program, when executed by a processor, implementing the authentication service method of the first aspect or the second aspect as described above in the embodiments.
According to the authentication service method, the authentication service device, the authentication server and the authentication service system, a first authentication server in the authentication service system receives a login request of a target user sent by a client, and verifies the login request based on a user login information database; if the verification is successful, it acquires the authority information of the target user in each application system from a user authority information database and stores it into a cache server, the user authority information database comprising the authority information of each user in each application system; it then sends a login request verification success notification to the second authentication server, so that the second authentication server generates a ticket credential of the target user, establishes in the cache server a correspondence between the ticket credential of the target user and the authority information of the target user in each application system, and returns the ticket credential to the client as the access credential used when the target user accesses each application system.
In the embodiment of the application, after the login request of the target user is successfully verified, that is, after the target user has logged in successfully, the first authentication server performs unified authority authentication for the target user across the application systems, based on the user authority information database that contains the authority information of each user in each application system: it determines the authority information of the target user in each application system and stores it into the cache server. The second authentication server then generates the access credential used when the target user accesses each application system, namely the ticket credential, and establishes in the cache server the correspondence between the ticket credential and the authority information of the target user. In this process, no application system needs to perform authority authentication according to a correspondence between users and authorities stored in its own local information base. Compared with the existing method of performing authentication based on a plurality of information bases, the authority authentication process in the embodiment of the application is performed based on one user authority information database, so the cost of information maintenance is low.
Drawings
Other features, objects and advantages of the present application will become more apparent upon reading of the following detailed description of non-limiting embodiments thereof, made with reference to the accompanying drawings in which:
fig. 1 is a schematic structural diagram of an authentication service system according to an embodiment of the present application;
fig. 2 is a flowchart illustrating steps of applying the authentication service method provided in the embodiment of the present application to the first authentication server in the authentication service system shown in fig. 1;
fig. 3 is a flowchart illustrating steps of applying the authentication service method provided in the second embodiment of the present application to the second authentication server in the authentication service system shown in fig. 1;
fig. 4 is a schematic structural diagram of an authentication service system according to an embodiment of the present application;
FIG. 5 is a flowchart illustrating an example interaction of an authentication service based on the authentication service system shown in FIG. 4;
fig. 6 is a schematic structural diagram of an authentication service apparatus according to a third embodiment of the present application;
fig. 7 is a schematic structural diagram of an authentication service apparatus according to a fourth embodiment of the present application;
fig. 8 is a schematic structural diagram of a server according to a fifth embodiment of the present application;
fig. 9 is a hardware structure of a server according to a fifth embodiment of the present application.
Detailed Description
The present application will be described in further detail with reference to the following drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the relevant invention and not restrictive of the invention. It should be noted that, for convenience of description, only the portions related to the related invention are shown in the drawings.
It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict. The present application will be described in detail below with reference to the embodiments with reference to the attached drawings.
Referring to fig. 1, fig. 1 is a schematic structural diagram of an authentication service system provided in an embodiment of the present application, where the authentication service system includes: a first authentication server 100 and a second authentication server 200. The first authentication server 100 is mainly used for verifying a login request of a target user and, when the verification is successful, storing the authority information of the target user in each application system into the cache server; the second authentication server 200 is mainly used, after it is confirmed that the target user has logged in successfully, for generating the access credential used when the target user accesses each application system, namely the ticket credential, and for establishing a correspondence between the ticket credential and the authority information of the target user in each application system.
In the embodiment of the present application, the number of the first authentication servers may be 1, or a plurality of first authentication servers may be provided, and similarly, the number of the second authentication servers may be 1, or a plurality of second authentication servers may be provided. When the number of the first authentication servers is multiple, the first authentication server 100 in the authentication service system shown in fig. 1 is a first authentication server cluster composed of multiple first authentication servers and having a load balancing mechanism; when the number of the second authentication servers is multiple, the second authentication server 200 in the authentication service system shown in fig. 1 is a second authentication server cluster with a load balancing mechanism, which is composed of multiple second authentication servers. In the embodiment of the present application, the first authentication server 100 and the second authentication server 200 may be different servers or may be the same server.
Referring to fig. 2, fig. 2 is a flowchart illustrating steps of applying the authentication service method provided in the first embodiment of the present application to the first authentication server in the authentication service system shown in fig. 1, and the steps specifically include the following steps:
Step 201, receiving a login request of a target user sent by a client, and verifying the login request based on a user login information database.
Specifically, the login request may include: target user information and a login password to be verified. Correspondingly, the user login information database may include the correspondence between user information and login passwords. The user information may be a user name, an account number, or other information of the user; the specific content of the user information is not limited here.
The verification process of this step may include: determining a target login password corresponding to the target user information according to the corresponding relation between the user information and the login password; judging whether the target login password is consistent with the login password to be verified, if so, determining that the verification is successful; if not, the verification is confirmed to fail.
Step 202, if the verification is successful, acquiring the authority information of the target user in each application system from the user authority information database, and storing the authority information of the target user in each application system into a cache server.
The user authority information database comprises the authority information of each user in each application system.
Typically, the database used to store the user authority information is a relational database. A relational database is a database that organizes data using a relational model and stores data in rows and columns so that it is easy for users to understand; a series of rows and columns in a relational database is called a table, and a group of tables constitutes the database. The relational model can be understood simply as a two-dimensional table model, and a relational database is a data organization composed of two-dimensional tables and the relations between them.
In this step, after acquiring the authority information of the target user in each application system, the first authentication server stores (writes) the authority information into the cache server, for the following reason:
Compared with a relational database, a cache server answers data queries faster and can be used to store frequently accessed data. With the authority information of the target user in each application system stored in the cache server, when the target user accesses a resource in an application system after the authentication service for the target user is completed, the application system can quickly query the authority information of the target user in the cache server through the authentication service system, and then determine from that authority information whether the target user has the authority to access the resource: if so, the access is allowed; if not, the access fails. This improves the response speed of the application system.
Step 203, sending a login request verification success notification to the second authentication server, so that the second authentication server generates a ticket credential of the target user, establishes in the cache server a correspondence between the ticket credential of the target user and the authority information of the target user in each application system, and returns the ticket credential to the client as the access credential used when the target user accesses each application system.
After receiving the ticket credential of the target user returned by the second authentication server, the client can use it as the access credential when the target user accesses each application system. Specifically: when the target user wants to access an application system, the access credential can be carried in the access request sent to that application system; after receiving the access request, the application system can parse out the access credential and have its validity verified in the authentication service system; if the verification is successful, the user authority information corresponding to the ticket credential is read from the cache database and returned to the application system, so that the application system can determine, according to the user authority information, whether to return the requested resource to the client.
In the embodiment of the application, after the login request of the target user is successfully verified, that is, after the target user has logged in successfully, the first authentication server performs unified authority authentication for the target user across the application systems, based on the user authority information database that contains the authority information of each user in each application system: it determines the authority information of the target user in each application system and stores it into the cache server. The second authentication server then generates the access credential used when the target user accesses each application system, namely the ticket credential, and establishes in the cache server the correspondence between the ticket credential and the authority information of the target user. In this process, no application system needs to perform authority authentication according to a correspondence between users and authorities stored in its own local information base. Compared with the existing method of performing authentication based on a plurality of information bases, the authority authentication process in the embodiment of the application is performed based on one user authority information database, so the cost of information maintenance is low.
Referring to fig. 3, fig. 3 is a flowchart illustrating a step of applying the authentication service method provided by the second embodiment of the present application to the second authentication server in the authentication service system shown in fig. 1, and specifically includes the following steps:
Step 301, receiving a login request verification success notification sent by the first authentication server.
Specifically, the login request verification success notification is sent to the second authentication server when the first authentication server receives the login request of the target user sent by the client and successfully verifies the login request based on the user login information database.
Step 302, generating a ticket credential of the target user, and establishing in the cache server a correspondence between the ticket credential of the target user and the authority information of the target user in each application system.
Specifically, the authority information of the target user in each application system is obtained by the first authentication server from the user authority information database and stored by the first authentication server in the cache server; the user authority information database comprises the authority information of each user in each application system.
Step 303, returning the ticket credential to the client as the access credential used when the target user accesses each application system.
In the embodiment shown in fig. 3, after the login request of the target user is successfully verified, that is, after the target user has logged in successfully, the first authentication server performs unified authority authentication for the target user across the application systems, based on the user authority information database that contains the authority information of each user in each application system: it determines the authority information of the target user in each application system and stores it into the cache server. The second authentication server then generates the access credential used when the target user accesses each application system, namely the ticket credential, and establishes in the cache server the correspondence between the ticket credential and the authority information of the target user. In this process, no application system needs to perform authority authentication according to a correspondence between users and authorities stored in its own local information base. Compared with the existing method of performing authentication based on a plurality of information bases, the authority authentication process in the embodiment of the application is performed based on one user authority information database, so the cost of information maintenance is low.
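The flow of steps 201 to 203 and 301 to 303, together with the ticket check an application system requests, can be traced in the following Python example, which is added here and is not part of the patent. It assumes in-memory dictionaries in place of the two databases and the cache server, PBKDF2-hashed passwords compared in constant time (the description only says the passwords are compared), a random ticket from the OS CSPRNG, and a ticket lifetime; all class and function names are hypothetical.

```python
import hashlib
import hmac
import os
import secrets
import time

PBKDF2_ROUNDS = 100_000  # assumption for this demo, not a value from the page


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class CacheServer:
    """In-memory stand-in for the cache server (the page names no product)."""

    def __init__(self):
        self.permissions = {}  # user -> {application system: set of permissions}
        self.tickets = {}      # ticket -> (user, expiry on the monotonic clock)

    def lookup(self, ticket):
        """Return the permissions bound to a ticket, or None if unknown or expired."""
        user, expiry = self.tickets.get(ticket, (None, 0.0))
        if user is None or time.monotonic() >= expiry:
            self.tickets.pop(ticket, None)
            return None
        return self.permissions.get(user)


class SecondAuthServer:
    """Steps 301-303: issue the ticket and bind it to the cached permissions."""

    def __init__(self, cache, ttl_seconds=1800.0):  # lifetime is an assumption
        self.cache = cache
        self.ttl = ttl_seconds

    def on_login_verified(self, user):
        ticket = secrets.token_urlsafe(32)  # 256 random bits, unguessable
        self.cache.tickets[ticket] = (user, time.monotonic() + self.ttl)
        return ticket


class FirstAuthServer:
    """Steps 201-203, plus the ticket check requested by application systems."""

    def __init__(self, login_db, permission_db, cache, second):
        self.login_db = login_db            # user -> (salt, password hash)
        self.permission_db = permission_db  # user -> {app: set of permissions}
        self.cache = cache
        self.second = second
        # Dummy record so unknown users cost the same hashing work as known ones.
        self._dummy = (os.urandom(16), os.urandom(32))

    def login(self, user, password):
        salt, stored = self.login_db.get(user, self._dummy)
        candidate = hash_password(password, salt)
        if not hmac.compare_digest(candidate, stored) or user not in self.login_db:
            return None  # step 201 failed: nothing cached, no ticket issued
        # Step 202: snapshot the user's permissions for every application system.
        perms = self.permission_db.get(user, {})
        self.cache.permissions[user] = {app: set(p) for app, p in perms.items()}
        # Step 203: notify the second server, which issues and binds the ticket.
        return self.second.on_login_verified(user)

    def verify_ticket(self, ticket):
        return self.cache.lookup(ticket)


class ApplicationSystem:
    """Holds no user-to-permission table of its own; it asks the auth service."""

    def __init__(self, name, auth):
        self.name = name
        self.auth = auth

    def access(self, ticket, permission):
        perms = self.auth.verify_ticket(ticket)
        if perms is None:
            return "access failure"  # ticket is not in the cache
        return "allowed" if permission in perms.get(self.name, ()) else "denied"


def build_demo(ttl_seconds=1800.0):
    """Constructed sample data: one user, two application systems."""
    salt = os.urandom(16)
    login_db = {"alice": (salt, hash_password("correct horse", salt))}
    permission_db = {"alice": {"crm": {"read", "write"}, "billing": {"read"}}}
    cache = CacheServer()
    first = FirstAuthServer(login_db, permission_db, cache,
                            SecondAuthServer(cache, ttl_seconds))
    return (first, ApplicationSystem("crm", first),
            ApplicationSystem("billing", first), permission_db)


if __name__ == "__main__":
    first, crm, billing, _ = build_demo()
    ticket = first.login("alice", "correct horse")
    print(crm.access(ticket, "write"), billing.access(ticket, "write"),
          crm.access("forged-ticket", "read"))
```

Because the cache holds a snapshot taken at login, a permission removed from the user authority information database after login remains effective for an issued ticket until the cache entry is removed or the ticket expires.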
Referring to fig. 4, fig. 4 is a schematic structural diagram of an authentication service system provided in the embodiment of the present application. The authentication service system shown in fig. 4 adds an API (Application Programming Interface) gateway device 300 to the authentication service system shown in fig. 1. The API gateway device 300 is a relay device for protocol transmission between a client and the authentication servers (including the first authentication server and the second authentication server) in the authentication service system. It integrates the first authentication server and the second authentication server into a whole and provides a unified REST service to the outside (the client), which makes the interaction between the client and the authentication service system simpler. Specifically: the interaction uses HTTP directly as the transmission protocol, and no other protocol such as a message protocol is needed; data is usually exchanged in XML and JSON formats, so the data description is simpler; and when an interface is called (to access and operate on resources), the context and the current state do not need to be considered, which greatly reduces complexity.
In this embodiment of the present application, the number of the API gateway devices may be 1, or may be multiple API gateway devices, and when the number of the API gateway devices is multiple, the API gateway device 300 in the authentication service system shown in fig. 4 is an API gateway device cluster that is composed of multiple API gateway devices and has a load balancing mechanism.
Referring to fig. 5, fig. 5 is a flowchart illustrating an interaction process of a specific example of performing an authentication service based on the authentication service system shown in fig. 4, where the interaction process includes:
Step 501, the client sends a login request of a target user to the API gateway device.
Specifically, the login request may include: target user information and a login password to be verified. The target user information may be a user name, an account number, and the like of the target user, and here, specific content of the target user information is not limited.
Step 502, the API gateway device sends the login request to the first authentication server.
Step 503, the first authentication server verifies the login request based on the user login information database.
The user login information database may include the correspondence between the user information of each user and the login password.
The verification process may include: determining a target login password corresponding to the target user information according to the corresponding relation between the user information and the login password; judging whether the target login password is consistent with the login password to be verified, if so, determining that the verification is successful; if not, the verification is confirmed to fail.
Step 504, if the verification is successful, the first authentication server obtains the authority information of the target user in each application system from the user authority information database.
Wherein, the user authority information database comprises: the authority information of each user in each application system.
Step 505, the first authentication server stores the authority information of the target user in each application system into the cache server.
Typically, the database used to store the user authority information is a relational database. A relational database is a database that uses a relational model to organize data and stores data in rows and columns so that it is easy for a user to understand. A series of rows and columns in a relational database is called a table, and a group of tables constitutes the database. The relational model can be understood simply as a two-dimensional table model, and a relational database is a data organization composed of two-dimensional tables and the relations between them.
After acquiring the authority information of the target user in each application system, the first authentication server stores (writes) the authority information into the cache server, for the following reason:
Compared with a relational database, the cache server offers faster data queries and can be used to store frequently accessed data. The authority information of the target user in each application system is stored into the cache server so that, when the target user accesses resources in an application system after the authentication service for the target user is completed, the application system can quickly query the authority information of the target user in the cache server through the authentication service system and then determine, according to the authority information, whether the target user has the authority to access the resources. If so, the access is allowed; if not, the access fails. This improves the response speed of the application system.
Step 506, the first authentication server sends a login request verification success notification to the second authentication server.
Step 507, the second authentication server generates a ticket voucher for the target user.
Step 508, the second authentication server establishes, in the cache server, a corresponding relation between the ticket voucher of the target user and the authority information of the target user in each application system.
Step 509, the second authentication server sends the ticket voucher to the API gateway device.
Step 510, the API gateway device returns the ticket voucher to the client as an access voucher when the target user accesses each application system.
After receiving the ticket voucher of the target user returned by the API gateway device, the client can use it as the access voucher when the target user accesses each application system. Specifically: when the target user wants to access an application system, the access voucher can be carried in the access request sent to the application system. After receiving the access request, the application system can parse out the access voucher and have its validity verified in the authentication service system. If the verification is successful, the user authority information corresponding to the ticket voucher is read from the cache database and returned to the application system, so that the application system can determine, according to the user authority information, whether to return the requested resource to the client.
Step 511, when the first authentication server receives the to-be-verified ticket voucher sent by the application system, the first authentication server determines whether the to-be-verified ticket voucher exists in the cache server.
The ticket voucher to be verified is obtained by the application system by parsing a resource access request received from the client. If it exists, go to step 512.
Step 512, the first authentication server determines the user authority information corresponding to the ticket voucher to be verified and returns it to the application system, so that the application system judges, according to the user authority information corresponding to the ticket voucher to be verified, whether the user has the authority to access the resource. If so, access to the resource is allowed; if not, an access failure notification is returned to the client.
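The interaction in steps 501 to 512, sketched as an added Python example (it is not code from the patent). The salted PBKDF2 password check, the random opaque ticket, the sets of resource names per application system, the ticket-to-user mapping in the cache, the treatment of a ticket absent from the cache as an access failure, and all class, function and sample names are assumptions; the page specifies only the roles and the order of the messages.

```python
import hashlib
import hmac
import secrets


def hash_password(password, salt):
    # Assumption: passwords are stored as salted PBKDF2 hashes. The page only
    # says the stored and submitted passwords are compared for consistency.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class CacheServer:
    """In-memory stand-in for the cache server."""

    def __init__(self):
        self.permissions = {}  # user -> {application system: set of resources}
        self.tickets = {}      # ticket voucher -> user (step 508 correspondence)


class SecondAuthServer:
    def __init__(self, cache):
        self.cache = cache

    def on_login_verified(self, user):
        # Steps 507-509: generate the ticket voucher and bind it, in the cache,
        # to the permissions the first server stored for this user.
        ticket = secrets.token_urlsafe(32)  # assumption: unguessable random token
        self.cache.tickets[ticket] = user
        return ticket


class FirstAuthServer:
    def __init__(self, login_db, permission_db, cache, second):
        self.login_db = login_db
        self.permission_db = permission_db
        self.cache = cache
        self.second = second

    def login(self, user, password):
        # Step 503: verify against the user login information database.
        record = self.login_db.get(user)
        if record is None:
            return None
        salt, stored = record
        if not hmac.compare_digest(stored, hash_password(password, salt)):
            return None
        # Steps 504-505: copy the user's permissions in every application
        # system from the permission database into the cache server.
        perms = self.permission_db.get(user, {})
        self.cache.permissions[user] = {app: set(r) for app, r in perms.items()}
        # Step 506: notify the second authentication server.
        return self.second.on_login_verified(user)

    def permissions_for_ticket(self, ticket):
        # Steps 511-512: look the ticket up in the cache. Returning None for an
        # unknown ticket is an assumption; the page does not cover that branch.
        user = self.cache.tickets.get(ticket)
        if user is None:
            return None
        return self.cache.permissions.get(user)


class ApiGateway:
    def __init__(self, first):
        self.first = first

    def login(self, user, password):
        # Steps 501-502 inbound, step 510 outbound: relay only.
        return self.first.login(user, password)


class ApplicationSystem:
    def __init__(self, name, first):
        self.name = name
        self.first = first

    def access(self, ticket, resource):
        # The application keeps no local permission store; it asks the
        # authentication service and decides from the returned information.
        perms = self.first.permissions_for_ticket(ticket)
        if perms is None:
            return "access failure"
        allowed = perms.get(self.name, set())
        return "allowed" if resource in allowed else "access failure"


def build_demo():
    # Constructed sample data, not taken from the page.
    salt = secrets.token_bytes(16)
    login_db = {"alice": (salt, hash_password("correct horse", salt))}
    permission_db = {"alice": {"crm": {"reports"}, "wiki": {"pages"}}}
    cache = CacheServer()
    first = FirstAuthServer(login_db, permission_db, cache, SecondAuthServer(cache))
    crm = ApplicationSystem("crm", first)
    billing = ApplicationSystem("billing", first)
    return ApiGateway(first), crm, billing, cache
```
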
In the embodiment shown in fig. 5, after the login request of the target user is successfully verified, that is, after the target user has logged in successfully, the first authentication server uniformly authenticates the rights of the target user in each application system according to the user authority information database, which includes the authority information of each user in each application system: it determines the authority information of the target user in each application system and stores that information into the cache server. The second authentication server then generates the access voucher used when the target user accesses each application system, that is, the ticket voucher, and establishes in the cache server the correspondence between the ticket voucher and the authority information of the target user. In this process, each application system does not need to carry out authority authentication according to a correspondence between users and authorities stored in a local information base. Compared with the existing method of performing authentication based on a plurality of information bases, the authority authentication process in the embodiment of the application is performed based on one user authority information database, so the cost of information maintenance is low.
In addition, when the application system receives a resource access request which is sent by the client and contains the bill voucher, the application system can directly send the bill voucher to the authentication service system, the authentication service system reads user authority information corresponding to the bill voucher from the cache server and returns the user authority information to the application system, the application system judges whether the user has the right to access the resource or not according to the user authority information, and corresponding operation is executed according to a judgment result. The application system does not need to judge the user authority according to the information base stored by the application system, so that the maintenance cost of the information base is reduced.
Meanwhile, the real-time user authority judgment of each application system is transferred to the authentication service system, and the authentication service system performs unified execution in advance, so that the operation of each application system is simplified, and the efficiency of user resource access is improved. In addition, since the authentication service system reads the user right information from the cache server, the speed is faster than that of each application system reading data from a relational database (information base) to judge the user right, and the efficiency of user resource access can be further improved.
Referring to fig. 6, fig. 6 is a schematic structural diagram of an authentication service apparatus according to a third embodiment of the present application, where the authentication service apparatus is applied to a first authentication server in an authentication service system, and the authentication service system further includes: a second authentication server, the authentication service apparatus comprising:
a login request receiving module 601, configured to receive a login request of a target user sent by a client, and verify the login request;
the authority information caching module 602 is configured to, if the verification is successful, obtain authority information of the target user in each application system from the user authority information database, and store the authority information of the target user in each application system in the caching server; the user authority information database comprises: authority information of each user in each application system respectively;
a notification sending module 603, configured to send a login request verification success notification to the second authentication server, so that the second authentication server generates a ticket credential of the target user, and establishes, in the cache server, a corresponding relationship between the ticket credential of the target user and the authority information of the target user in each application system; and returning the bill voucher to the client as an access voucher when the target user accesses each application system.
Optionally, the authentication service system further includes: an application program interface, API, gateway device;
a login request receiving module 601, specifically configured to receive a login request of a target user sent by an API gateway device; the login request is received by the API gateway device from the client and forwarded to the first authentication server.
Optionally, the apparatus further comprises: a receiving module for the ticket voucher to be verified, and a judging module;
the receiving module of the bill voucher to be verified is used for receiving the bill voucher to be verified sent by the application system; the bill voucher to be verified is obtained after the application system analyzes the resource access request received from the client;
the judging module is used for judging whether the bill voucher to be verified exists in the cache server or not; if so, determining user authority information corresponding to the bill certificate to be verified, and returning the user authority information corresponding to the bill certificate to be verified to the application system, so that the application system judges whether the user has the authority to access the resource according to the user authority information corresponding to the bill certificate to be verified, and if so, allowing the resource to be accessed; and if not, returning an access failure notification to the client.
The authentication service apparatus in the embodiment shown in fig. 6 of the present application is used to implement the corresponding authentication service method in the first method embodiment, and has the beneficial effects of the corresponding method embodiment, which are not described herein again. In addition, the functional implementation of each module in the authentication service apparatus in the embodiment of the present application can refer to the description of the corresponding part in the first method embodiment, and is not repeated here.
Referring to fig. 7, fig. 7 is a schematic structural diagram of an authentication service apparatus according to a fourth embodiment of the present application, where the authentication service apparatus is applied to a second authentication server in an authentication service system, and the authentication service system further includes: a first authentication server, the authentication service apparatus comprising:
a notification receiving module 701, configured to receive a login request verification success notification sent by a first authentication server, where the login request verification success notification is sent to the second authentication server when the first authentication server receives a login request of a target user sent by a client and successfully verifies the login request;
the bill voucher generating module 702 is configured to generate a bill voucher of the target user, and establish a corresponding relationship between the bill voucher of the target user and authority information of the target user in each application system in the cache server; the authority information of the target user in each application system is obtained by the first authentication server from the user authority information database, and the authority information of the target user in each application system is stored in the cache server; the user authority information database comprises: authority information of each user in each application system respectively;
and a ticket credential returning module 703, configured to return a ticket credential to the client as an access credential when the target user accesses each application system.
The authentication service apparatus in the embodiment shown in fig. 7 of the present application is used to implement the corresponding authentication service method in the second method embodiment, and has the beneficial effects of the corresponding method embodiment, which are not described herein again. In addition, the functional implementation of each module in the authentication service apparatus in the embodiment of the present application can refer to the description of the corresponding part in the second method embodiment, and is not repeated here.
Referring to fig. 8, fig. 8 is a schematic structural diagram of a server according to a fifth embodiment of the present application: the server may include:
one or more processors 801;
a computer-readable medium 802, which may be configured to store one or more programs,
when the one or more programs are executed by the one or more processors, the one or more processors are caused to implement the authentication service method as in the first or second embodiment.
Fig. 9 is a hardware structure of a server according to a fifth embodiment of the present application; as shown in fig. 9, the hardware structure of the server may include: a processor 901, a communication interface 902, a computer-readable medium 903, and a communication bus 904;
wherein the processor 901, the communication interface 902, and the computer readable medium 903 are in communication with each other via a communication bus 904;
optionally, the communication interface 902 may be an interface of a communication module, such as an interface of a GSM module;
the processor 901 may be specifically configured to: receiving a login request of a target user sent by a client, and verifying the login request based on a user login information database; if the verification is successful, acquiring the authority information of the target user in each application system from the user authority information database, and storing the authority information of the target user in each application system into a cache server; the user authority information database comprises: authority information of each user in each application system respectively; sending a login request verification success notification to a second authentication server so that the second authentication server generates a ticket voucher of the target user, and establishing a corresponding relation between the ticket voucher of the target user and authority information of the target user in each application system in the cache server; returning the ticket voucher to the client as an access voucher when the target user accesses each application system. Alternatively, the processor 901 may be specifically configured as follows: the login request receiving module is used for receiving a login request of a target user sent by a client and verifying the login request; the authority information caching module is used for acquiring the authority information of the target user in each application system from the user authority information database if the verification is successful, and storing the authority information of the target user in each application system into a cache server; the user authority information database comprises: authority information of each user in each application system respectively; the notification sending module is used for sending a login request verification success notification to the second authentication server so that the second authentication server generates a ticket voucher of the target user, and establishing a corresponding relation between the ticket voucher of the target user and authority information of the target user in each application system in the cache server; and returning the ticket voucher to the client as an access voucher when the target user accesses each application system.
The processor 901 may be a general-purpose processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; it may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic, or discrete hardware components. It may implement or perform the various methods, steps, and logic blocks disclosed in the embodiments of the present application. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
The computer-readable medium 903 may be, but is not limited to, a Random Access Memory (RAM), a Read-Only Memory (ROM), a Programmable Read-Only Memory (PROM), an Erasable Programmable Read-Only Memory (EPROM), an Electrically Erasable Programmable Read-Only Memory (EEPROM), and the like.
In particular, according to an embodiment of the present application, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the present application include a computer program product comprising a computer program embodied on a computer-readable medium, the computer program comprising program code configured to perform the method illustrated in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network via the communication section, and/or installed from a removable medium. The computer program, when executed by a Central Processing Unit (CPU), performs the above-described functions defined in the method of the present application. It should be noted that the computer readable medium of the present application can be a computer readable signal medium or a computer readable storage medium or any combination of the two. The computer readable medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a random access storage media (RAM), a read-only storage media (ROM), an erasable programmable read-only storage media (EPROM or flash memory), an optical fiber, a portable compact disc read-only storage media (CD-ROM), an optical storage media piece, a magnetic storage media piece, or any suitable combination of the foregoing. In the present application, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. 
In this application, however, a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
Computer program code configured to carry out operations for the present application may be written in any combination of one or more programming languages, including object-oriented programming languages such as Java, Smalltalk, and C++, and conventional procedural programming languages such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer, or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any of a variety of networks, including a Local Area Network (LAN) or a Wide Area Network (WAN), or, alternatively, may be connected to an external computer (e.g., through the internet using an internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions configured to implement the specified logical function(s). In the above embodiments, specific precedence relationships are provided, but these precedence relationships are only exemplary, and in particular implementations, the steps may be fewer, more, or the execution order may be modified. That is, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The modules described in the embodiments of the present application may be implemented by software or hardware. The described modules may also be provided in a processor, which may be described as: a processor comprises a login request receiving module, a permission information caching module and a notification sending module; alternatively, a processor includes a notification reception module, a ticket credential generation module, and a ticket credential return module. The names of these modules do not constitute a limitation to the modules themselves in some cases, for example, the login request receiving module may also be described as a "module that receives a login request of a target user sent by a client and verifies the login request".
As another aspect, the present application also provides a computer-readable medium on which a computer program is stored, the program, when executed by a processor, implementing the authentication service method as described in the first or second embodiment.
As another aspect, the present application also provides a computer-readable medium, which may be contained in the apparatus described in the above embodiments; or may be present separately and not assembled into the device. The computer readable medium carries one or more programs which, when executed by the apparatus, cause the apparatus to: receiving a login request of a target user sent by a client, and verifying the login request based on a user login information database; if the verification is successful, acquiring the authority information of the target user in each application system from the user authority information database, and storing the authority information of the target user in each application system into a cache server; the user authority information database comprises: authority information of each user in each application system respectively; sending a login request verification success notification to a second authentication server so that the second authentication server generates a bill certificate of a target user, and establishing a corresponding relation between the bill certificate of the target user and authority information of the target user in each application system in a cache server; and returning the bill voucher to the client as an access voucher when the target user accesses each application system. 
Or, causing the apparatus to: receiving a login request verification success notification sent by a first authentication server, wherein the login request verification success notification is sent to a second authentication server when the first authentication server receives a login request of a target user sent by a client and verifies the login request successfully based on a user login information database; generating a bill voucher of a target user, and establishing a corresponding relation between the bill voucher of the target user and authority information of the target user in each application system in a cache server; the authority information of the target user in each application system is obtained by the first authentication server from the user authority information database, and the authority information of the target user in each application system is stored in the cache server; the user authority information database comprises: authority information of each user in each application system respectively; and returning the bill voucher to the client as an access voucher when the target user accesses each application system.
The expressions "first", "second", "said first" or "said second" used in various embodiments of the present disclosure may modify various components regardless of order and/or importance, but these expressions do not limit the respective components. These expressions are used only to distinguish one element from another. For example, the first user equipment and the second user equipment represent different user equipment, although both are user equipment. For example, a first element could be termed a second element, and, similarly, a second element could be termed a first element, without departing from the scope of the present disclosure.
When an element (e.g., a first element) is referred to as being "(operably or communicatively) coupled" to another element (e.g., a second element) or "connected" to another element (e.g., a second element), it is understood that the element is directly connected to the other element or is indirectly connected to the other element via yet another element (e.g., a third element). In contrast, it is understood that when an element (e.g., a first element) is referred to as being "directly connected" or "directly coupled" to another element (e.g., a second element), no element (e.g., a third element) is interposed therebetween.
The above description is only a preferred embodiment of the application and is illustrative of the principles of the technology employed. It will be appreciated by those skilled in the art that the scope of the invention herein disclosed is not limited to the particular combination of features described above, but also encompasses other arrangements formed by any combination of the above features or their equivalents without departing from the spirit of the invention. For example, the above features may be replaced with (but not limited to) features having similar functions disclosed in the present application.

Claims (10)

1. An authentication service method, applied to a first authentication server in an authentication service system, the authentication service system further comprising: a second authentication server, the method comprising:
receiving a login request of a target user sent by a client, and verifying the login request based on a user login information database;
if the verification is successful, acquiring the authority information of the target user in each application system from a user authority information database, and storing the authority information of the target user in each application system into a cache server; the user authority information database comprises: authority information of each user in each application system respectively;
sending a login request verification success notification to the second authentication server so that the second authentication server generates a bill credential of the target user, and establishing a corresponding relation between the bill credential of the target user and authority information of the target user in each application system in the cache server; and returning the bill voucher to the client as an access voucher when the target user accesses each application system.
2. The method of claim 1, wherein the authentication service system further comprises: an application program interface, API, gateway device;
the receiving of the login request of the target user sent by the client comprises:
receiving a login request of a target user sent by the API gateway equipment; the login request is received by the API gateway device from a client and forwarded to the first authentication server.
3. The method of claim 1 or 2, further comprising:
receiving a bill voucher to be verified sent by an application system; the bill voucher to be verified is obtained after the application system analyzes a resource access request received from a client;
judging whether the bill voucher to be verified exists in the cache server or not; if so, determining user authority information corresponding to the bill credential to be verified, and returning the user authority information corresponding to the bill credential to be verified to the application system, so that the application system judges whether the user has the authority to access the resource according to the user authority information corresponding to the bill credential to be verified, and if so, allowing the resource to be accessed; and if not, returning an access failure notification to the client.
4. An authentication service method, applied to a second authentication server in an authentication service system, the authentication service system further comprising: a first authentication server, the method comprising:
receiving a login request verification success notification sent by the first authentication server, wherein the login request verification success notification is sent to the second authentication server when the first authentication server receives a login request of a target user sent by a client and verifies the login request successfully based on a user login information database;
generating a bill voucher of the target user, and establishing a corresponding relation between the bill voucher of the target user and authority information of the target user in each application system in a cache server; the authority information of the target user in each application system is obtained by the first authentication server from a user authority information database, and the authority information of the target user in each application system is stored in the cache server; the user authority information database comprises: authority information of each user in each application system respectively;
and returning the bill voucher to the client as an access voucher when the target user accesses each application system.
5. An authentication service apparatus, applied to a first authentication server in an authentication service system, the authentication service system further comprising: a second authentication server, the apparatus comprising:
a login request receiving module, configured to receive a login request of a target user sent by a client and to verify the login request;
an authority information caching module, configured to acquire the authority information of the target user in each application system from a user authority information database if the verification is successful, and to store the authority information of the target user in each application system into a cache server; the user authority information database comprises: authority information of each user in each application system respectively;
a notification sending module, configured to send a login request verification success notification to the second authentication server, so that the second authentication server generates a bill voucher of the target user, establishes, in the cache server, a correspondence between the bill voucher of the target user and the authority information of the target user in each application system, and returns the bill voucher to the client as an access voucher when the target user accesses each application system.
6. An authentication service apparatus, applied to a second authentication server in an authentication service system, the authentication service system further comprising: a first authentication server, the apparatus comprising:
a notification receiving module, configured to receive a login request verification success notification sent by the first authentication server, where the login request verification success notification is sent to the second authentication server when the first authentication server receives a login request of a target user sent by a client and successfully verifies the login request;
a bill voucher generating module, configured to generate the bill voucher of the target user and to establish, in the cache server, the correspondence between the bill voucher of the target user and the authority information of the target user in each application system; the authority information of the target user in each application system is obtained by the first authentication server from a user authority information database, and the authority information of the target user in each application system is stored in the cache server; the user authority information database comprises: authority information of each user in each application system respectively;
and a bill voucher returning module, configured to return the bill voucher to the client as an access voucher when the target user accesses each application system.
7. A server, characterized by comprising: a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface communicate with one another through the communication bus;
the memory is used for storing at least one executable instruction, and the executable instruction causes the processor to execute the operation corresponding to the authentication service method according to any one of claims 1-4.
8. A server, characterized by comprising: a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface communicate with one another through the communication bus;
the memory is used for storing at least one executable instruction, and the executable instruction causes the processor to execute the operation corresponding to the authentication service method as claimed in claim 5.
9. An authentication service system, comprising: the server of claim 7 and the server of claim 8.
10. The system of claim 9, further comprising: an API gateway device.
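
The login and verification flow recited in the claims above, as an added Python example that is not part of the patent text: the first authentication server verifies the login and caches the user's per-application authority information, the second authentication server issues the bill voucher (ticket) and binds it to that information in the cache, and an application checks a presented ticket against the cache. All class and function names, the sample user, PBKDF2 password hashing, the in-memory cache and the ticket lifetime (ttl) are assumptions made for this example; the claims do not specify them.

```python
import hashlib
import secrets
import time

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample data standing in for the two databases named in the claims.
_SALT = secrets.token_bytes(16)
USER_LOGIN_DB = {"alice": (_SALT, _hash("s3cret-demo", _SALT))}
USER_AUTHORITY_DB = {"alice": {"billing": {"read"}, "wiki": {"read", "write"}}}

class CacheServer:
    def __init__(self):
        self.authority = {}  # user -> {application: permitted actions}
        self.tickets = {}    # ticket -> (user, expiry time)

class SecondAuthServer:
    def __init__(self, cache, ttl=1800):  # ttl is an assumption, not in the claims
        self.cache, self.ttl = cache, ttl

    def on_login_verified(self, user):
        """Generate the ticket and bind it to the user's cached authority info."""
        ticket = secrets.token_urlsafe(32)  # unguessable, carries no user data
        self.cache.tickets[ticket] = (user, time.time() + self.ttl)
        return ticket

class FirstAuthServer:
    def __init__(self, cache, second):
        self.cache, self.second = cache, second

    def login(self, user, password):
        """Verify the login, cache authority info, then notify the second server."""
        salt, stored = USER_LOGIN_DB.get(user, (b"\0" * 16, b""))
        if not secrets.compare_digest(_hash(password, salt), stored):
            return None
        self.cache.authority[user] = USER_AUTHORITY_DB.get(user, {})
        return self.second.on_login_verified(user)

def verify_ticket(cache, ticket, now=None):
    """Return the authority info bound to a ticket, or None if unknown or expired."""
    user, expiry = cache.tickets.get(ticket, (None, 0.0))
    if user is None or (time.time() if now is None else now) >= expiry:
        cache.tickets.pop(ticket, None)
        return None
    return cache.authority.get(user)

def application_allows(cache, app, ticket, action, now=None):
    authority = verify_ticket(cache, ticket, now)
    return authority is not None and action in authority.get(app, set())  # fail closed
```

Because the ticket is an opaque random value, every authorization decision depends on the cache entry, so removing that entry revokes access immediately.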

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011585266.9A CN112613010A (en) 2020-12-28 2020-12-28 Authentication service method, device, server and authentication service system

Publications (1)

Publication Number Publication Date
CN112613010A true CN112613010A (en) 2021-04-06

Family

ID=75249321

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011585266.9A Pending CN112613010A (en) 2020-12-28 2020-12-28 Authentication service method, device, server and authentication service system

Country Status (1)

Country Link
CN (1) CN112613010A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination