CN113111335A - Authentication method, device, equipment and storage medium - Google Patents

Publication number
CN113111335A
Authority
CN
China
Prior art keywords
information
actual
service platform
identification information
service
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010032716.5A
Other languages
Chinese (zh)
Other versions
CN113111335B (en)
Inventor
黄崔扬
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sangfor Technologies Co Ltd
Original Assignee
Sangfor Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sangfor Technologies Co Ltd
Priority to CN202010032716.5A
Publication of CN113111335A
Application granted
Publication of CN113111335B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/41 User authentication where a single sign-on provides access to a plurality of computers
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/54 Interprogram communication
    • G06F9/542 Event management; Broadcasting; Multicasting; Notifications

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Multimedia (AREA)
  • Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The application discloses an authentication method, an authentication device, authentication equipment and a storage medium, wherein the method comprises the following steps: receiving an authentication request, wherein the authentication request carries user information; acquiring target information meeting authorization standards in user information and generating authorization identification information; storing the authorization identification information, and broadcasting the synchronization information containing the authorization identification information to other service platforms in the service platform cluster; and returning the authorization identification information to the target user equipment corresponding to the target information. The method ensures that the user equipment can access the service data of all the service platforms in the service platform cluster after passing the authentication of one service platform in the scene of the service platform cluster, thereby ensuring the overall availability of the service platform cluster. In addition, the application also provides an authentication device, equipment and a storage medium, and the beneficial effects are as described above.

Description

Authentication method, device, equipment and storage medium
Technical Field
The present application relates to the field of communication authentication, and in particular, to an authentication method, apparatus, device, and storage medium.
Background
With the continuous development of network technology, networks have become one of the common ways for people to obtain information. Service platforms of many types, built on server devices in the network, keep appearing and provide corresponding services to user equipment in the network. Because communication efficiency is affected by communication distance, in practice service platforms of the same service type are deployed in different geographic areas to form a service platform cluster, so that user equipment in different geographic areas can access a service platform relatively efficiently: according to the area it is currently in, the user equipment preferentially accesses the service platform in that area or the service platform closest to that area.
To ensure the data security of a service platform, user equipment usually has to be authenticated when it accesses the platform, so that only user equipment authorized by the service platform is allowed access. In the current distributed service platform cluster scenario, however, after user equipment passes the authentication of one service platform in the cluster, it still cannot access the service data of the other service platforms in the cluster, which makes it difficult to ensure the overall availability of the service platform cluster.
It can therefore be seen that providing an authentication method which ensures that, in a service platform cluster scenario, user equipment can access the service data of all service platforms in the cluster after passing the authentication of one of them, and which thereby ensures the overall availability of the cluster, is a problem to be solved by those skilled in the art.
Disclosure of Invention
The present application aims to provide an authentication method, an authentication device, an authentication apparatus, and a storage medium, so as to ensure that, in a scenario of a service platform cluster, a user equipment can access service data of all service platforms in the service platform cluster after passing authentication of one of the service platforms, thereby ensuring overall availability of the service platform cluster.
In order to solve the above technical problem, the present application provides an authentication method, applied to a service platform in a service platform cluster, including:
receiving an authentication request, wherein the authentication request carries user information;
acquiring target information meeting authorization standards in user information and generating authorization identification information;
storing the authorization identification information, and broadcasting the synchronization information containing the authorization identification information to other service platforms in the service platform cluster so that the service platforms in the service platform cluster respond to the access request initiated by the user equipment based on the synchronization information;
and returning the authorization identification information to the target user equipment corresponding to the target information so that the target user equipment can access the service platform in the service platform cluster based on the authorization identification information.
Preferably, the method further comprises:
receiving a current access request, wherein the current access request carries actual authorization identification information;
judging whether the actual authorization identification information matches the authorization identification information in the synchronization information;
if the actual authorization identification information matches the authorization identification information in the synchronization information, executing a service response to the corresponding current user equipment according to the current access request;
and if the actual authorization identification information does not match the authorization identification information in the synchronization information, stopping responding to the current access request.
Preferably, generating the authorization identification information includes:
acquiring platform identity information of a local service platform, and performing encryption operation on plaintext information containing the platform identity information to obtain authorization identification information;
the method further comprises the following steps:
receiving a current access request, wherein the current access request carries actual authorization identification information;
carrying out decryption operation on the actual authorization identification information to obtain actual plaintext information, and obtaining actual platform identity information in the actual plaintext information;
initiating a verification request for actual authorization identification information to a corresponding target service platform according to the actual platform identity information, and receiving a verification result;
judging whether the verification result is in a verification-passed state;
if the verification result is in a verification-passed state, executing a service response to the corresponding current user equipment according to the current access request;
and if the verification result is not in a verification-passed state, stopping responding to the current access request.
Preferably, generating the authorization identification information includes:
generating authentication information according to the target information, and performing encryption operation on plaintext information containing the authentication information to obtain authorization identification information;
the method further comprises the following steps:
receiving a current access request, wherein the current access request carries actual authorization identification information and actual user information;
carrying out decryption operation on the actual authorization identification information to obtain actual plaintext information, and obtaining actual authentication information in the actual plaintext information;
judging whether the actual user information is matched with the actual authentication information;
if the actual user information is matched with the actual authentication information, executing service response to corresponding current user equipment according to the current access request;
and if the actual user information is not matched with the actual authentication information, stopping responding to the current access request.
Preferably, generating the authorization identification information includes:
acquiring platform identity information of a local service platform, and generating authentication information according to target information;
obtaining authorization identification information based on encryption operation performed on plaintext information containing platform identity information and authentication information;
the method further comprises the following steps:
receiving a current access request, wherein the current access request carries actual authorization identification information;
judging whether the actual authorization identification information matches the authorization identification information in the synchronization information;
if the actual authorization identification information matches the authorization identification information in the synchronization information, executing a service response to the corresponding current user equipment according to the current access request;
if the actual authorization identification information does not match the authorization identification information in the synchronization information, performing a decryption operation on the actual authorization identification information to obtain actual plaintext information, and acquiring the actual platform identity information in the actual plaintext information;
initiating a verification request for the actual authorization identification information to the corresponding target service platform according to the actual platform identity information, and receiving a verification result;
judging whether the verification result is in a verification-passed state;
if the verification result is in a verification-passed state, executing a service response to the corresponding current user equipment according to the current access request;
if the verification result is not in a verification-passed state, acquiring the actual authentication information in the actual plaintext information;
judging whether the actual user information is matched with the actual authentication information;
if the actual user information is matched with the actual authentication information, executing service response to corresponding current user equipment according to the current access request;
and if the actual user information is not matched with the actual authentication information, stopping responding to the current access request.
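The three-stage check described in the preceding variant, written out as an added example; it is not code from the patent. Assumptions: AES-256-GCM stands in for the unspecified "encryption operation", authentication information is the SHA-256 of the account name, all platforms share one key, and the verification request to the issuing platform is a direct call. The names `Platform`, `Issue`, `Access` and `authInfo` are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
)

// Platform is one service platform. Assumptions: one AES-256 key shared by the
// cluster, and peers reached by a direct call instead of a network request.
type Platform struct {
	ID     string
	aead   cipher.AEAD
	issued map[string]bool      // tokens this platform generated
	synced map[string]bool      // tokens held as synchronization information
	peers  map[string]*Platform // platform identity -> platform
}

func newPlatform(id string, key []byte, peers map[string]*Platform) *Platform {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	p := &Platform{id, gcm, map[string]bool{}, map[string]bool{}, peers}
	peers[id] = p
	return p
}

// authInfo derives the authentication information from the user information
// (assumption: SHA-256 of the account name; the page fixes no derivation).
func authInfo(user string) []byte {
	sum := sha256.Sum256([]byte(user))
	return sum[:]
}

// Issue encrypts the plaintext information (authInfo || platform identity).
func (p *Platform) Issue(user string) (string, error) {
	nonce := make([]byte, p.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	plain := append(authInfo(user), p.ID...)
	token := base64.RawURLEncoding.EncodeToString(p.aead.Seal(nonce, nonce, plain, nil))
	p.issued[token], p.synced[token] = true, true
	return token, nil
}

// open decrypts a token; an altered token fails the GCM tag check.
func (p *Platform) open(token string) ([]byte, string, error) {
	blob, err := base64.RawURLEncoding.DecodeString(token)
	n := p.aead.NonceSize()
	if err != nil || len(blob) < n {
		return nil, "", errors.New("malformed token")
	}
	plain, err := p.aead.Open(nil, blob[:n], blob[n:], nil)
	if err != nil || len(plain) < sha256.Size {
		return nil, "", errors.New("token does not decrypt")
	}
	return plain[:sha256.Size], string(plain[sha256.Size:]), nil
}

// Access runs the three checks in the order the method lists them and
// reports which one admitted the request.
func (p *Platform) Access(token, user string) (string, error) {
	if p.synced[token] { // 1. token is in the local synchronization information
		return "synced", nil
	}
	auth, platform, err := p.open(token) // recover the actual plaintext information
	if err != nil {
		return "", err
	}
	// 2. verification request to the platform named inside the token
	if issuer, ok := p.peers[platform]; ok && issuer.issued[token] {
		return "issuer-verified", nil
	}
	// 3. actual user information against the authentication information
	if subtle.ConstantTimeCompare(auth, authInfo(user)) == 1 {
		return "auth-info", nil
	}
	return "", errors.New("no check passed")
}

func main() {
	key := make([]byte, 32) // constructed all-zero demo key, not for real use
	peers := map[string]*Platform{}
	a, b := newPlatform("A", key, peers), newPlatform("B", key, peers)
	token, _ := a.Issue("alice")
	fmt.Println(b.Access(token, "alice")) // B holds no synchronization information yet
}
```

Check 3 consults no stored state: its result depends only on the token decrypting under the cluster key and on the user information presented with the request.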
Preferably, before broadcasting the synchronization information containing the authorization identification information to other service platforms in the service platform cluster, the method further comprises:
generating synchronization information that includes generation object information;
broadcasting the synchronization information containing the authorization identification information to other service platforms in the service platform cluster, including:
broadcasting the synchronization information containing the authorization identification information to other service platforms in the service platform cluster through a message queue;
when actual synchronization information is received, the method further comprises:
screening the actual synchronization information according to the generation object information to obtain the target actual synchronization information that was generated by a non-local service platform;
and updating the local database based on the target actual synchronization information, and broadcasting it to other service platforms in the service platform cluster.
Preferably, updating the local database based on the target actual synchronization information comprises:
and storing the target actual synchronization information into a local database, or deleting the target actual synchronization information in the local database.
Preferably, before updating the local database based on the target actual synchronization information, the method further comprises:
judging whether the target actual synchronization information exists in a local database or not;
if the target actual synchronization information exists, discarding the target actual synchronization information;
and if the target actual synchronization information does not exist, executing a step of updating the local database based on the target actual synchronization information.
Preferably, when there is more than one piece of target actual synchronization information and the actual identity is the same, updating the local database based on the target actual synchronization information includes:
and updating the local database based on the latest target actual synchronization information, namely the one whose generation time has the smallest time difference from the current time.
Preferably, broadcasting the synchronization information containing the authorization identification information to other service platforms in the service platform cluster through a message queue includes:
and broadcasting the synchronization information with the same identity identifier to other service platforms in the service platform cluster through the partition channel corresponding to that identity identifier in the message queue.
In addition, the present application further provides an authentication apparatus applied to a service platform in a service platform cluster, including:
the request receiving module is used for receiving an authentication request, and the authentication request carries user information;
the authorization information generation module is used for acquiring target information meeting authorization standards in the user information and generating authorization identification information;
the synchronization module is used for storing the authorization identification information and broadcasting the synchronization information containing the authorization identification information to other service platforms in the service platform cluster so that the service platforms in the service platform cluster respond to the access request initiated by the user equipment based on the synchronization information;
and the identification output module is used for returning the authorized identification information to the target user equipment corresponding to the target information so that the target user equipment can access the service platform in the service platform cluster based on the authorized identification information.
In addition, the present application also provides a service platform device, including:
a memory for storing a computer program;
a processor for implementing the steps of the authentication method as described above when executing the computer program.
Furthermore, the present application also provides a computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, realizes the steps of the authentication method as described above.
The authentication method provided by the application is applied to a service platform in a service platform cluster. The service platform first receives an authentication request carrying user information, obtains the target information in the user information that meets the authorization standard, and generates authorization identification information. It then stores the authorization identification information and broadcasts synchronization information containing the authorization identification information to the other service platforms in the cluster, so that the service platforms in the cluster can respond to access requests initiated by user equipment based on the synchronization information. Finally, it returns the authorization identification information to the target user equipment corresponding to the target information, so that the target user equipment can access the service platforms in the cluster based on the authorization identification information. In this method, after one service platform in the cluster has authenticated the target information in the user information, that platform broadcasts synchronization information containing the resulting authorization identification information to the other service platforms in the cluster, which can then respond to access requests initiated by the user equipment based on the authorization identification information. In a service platform cluster scenario, user equipment can therefore access the service data of all service platforms in the cluster after passing the authentication of one of them, which ensures the overall availability of the service platform cluster. In addition, the application also provides an authentication device, equipment and a storage medium, with the beneficial effects described above.
Drawings
In order to more clearly illustrate the embodiments of the present application, the drawings needed for the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings can be obtained by those skilled in the art without inventive effort.
Fig. 1 is a flowchart of an authentication method disclosed in an embodiment of the present application;
Fig. 2 is a flowchart of a specific authentication method disclosed in an embodiment of the present application;
Fig. 3 is a flowchart of a specific authentication method disclosed in an embodiment of the present application;
Fig. 4 is a flowchart of a specific authentication method disclosed in an embodiment of the present application;
Fig. 5 is a flowchart of a specific authentication method disclosed in an embodiment of the present application;
Fig. 6 is a schematic view of an application scenario of an authentication method disclosed in an embodiment of the present application;
Fig. 7 is a schematic structural diagram of an authentication device disclosed in an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all the embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present application without any creative effort belong to the protection scope of the present application.
To ensure the data security of a service platform, user equipment usually has to be authenticated when it accesses the platform, so that only user equipment authorized by the service platform is allowed access. In the current distributed service platform cluster scenario, however, after user equipment passes the authentication of one service platform in the cluster, it still cannot access the service data of the other service platforms in the cluster, which makes it difficult to ensure the overall availability of the service platform cluster.
Therefore, the core of the present application is to provide an authentication method, which ensures that in a scenario of a service platform cluster, a user equipment can access service data of all service platforms in the service platform cluster after passing authentication of one service platform, thereby ensuring overall availability of the service platform cluster.
Referring to fig. 1, an embodiment of the present application discloses an authentication method, which is applied to a service platform in a service platform cluster, and includes:
Step S10: receiving an authentication request, wherein the authentication request carries user information.
It should be noted that the authentication request received in this step is a request initiated by the user equipment, and it carries the user information of the corresponding user equipment. That is to say, before the user equipment can normally access a service platform in the service platform cluster, it needs to acquire the authorization identification information provided by a service platform in the cluster. Since the service platform only allows user equipment with access authority to access it, the authentication request of the user equipment needs to carry user information representing the identity of the user equipment, including but not limited to the type of the user equipment, the user account of the user equipment, the user password of the user equipment, and the like.
Step S11: acquiring target information meeting authorization standards in the user information, and generating authorization identification information.
After obtaining the authentication request of the user equipment, the service platform checks the user information in the authentication request and obtains the target information in the user information that meets the authorization standard. The authorization standard is the standard that user information must meet to pass the check of the service platform. The service platform therefore screens the user information against the authorization standard to obtain the target information, which is the user information corresponding to user equipment that has access authority to the service platform, and then generates authorization identification information corresponding to the target information. The authorization identification information is the identifier that the user equipment uses to prove its legitimate identity when accessing service data in the service platform.
It should be noted that the authorization standard in this step may specifically include, but is not limited to, that the user information sent by the user equipment is not in a blacklist, and/or that the type of the user equipment meets the type requirement, and/or that the user information is pre-recorded in an authorized user information list of the service platform.
Step S12: storing the authorization identification information, and broadcasting the synchronization information containing the authorization identification information to other service platforms in the service platform cluster so that the service platforms in the service platform cluster respond to the access request initiated by the user equipment based on the synchronization information.
After generating the authorization identification information corresponding to the target information, the service platform stores it locally, so that when the user equipment presents the authorization identification information to access the service platform, the legitimate identity of the user equipment can be verified against the locally stored authorization identification information and the corresponding service data can be provided to it. When the authorization identification information is stored, the local service platform also broadcasts synchronization information containing the authorization identification information to the other service platforms in its service platform cluster, so that when the user equipment presents the authorization identification information to access those other service platforms, they too can verify the legitimate identity of the user equipment based on the authorization identification information transmitted by the local service platform and can correctly respond to the service access of the user equipment.
Step S13: returning the authorization identification information to the target user equipment corresponding to the target information so that the target user equipment can access the service platform in the service platform cluster based on the authorization identification information.
It can be understood that, after the authorization identification information is generated, it is returned to the target user equipment corresponding to the target information. This completes providing the corresponding authorization identifier to the target user equipment that has access authority, so that the target user equipment can present the authorization identification information when initiating access to service data on a service platform in the service platform cluster.
The authentication method provided by the application is applied to a service platform in a service platform cluster. The service platform first receives an authentication request carrying user information, obtains the target information in the user information that meets the authorization standard, and generates authorization identification information. It then stores the authorization identification information and broadcasts synchronization information containing the authorization identification information to the other service platforms in the cluster, so that the service platforms in the cluster can respond to access requests initiated by user equipment based on the synchronization information. Finally, it returns the authorization identification information to the target user equipment corresponding to the target information, so that the target user equipment can access the service platforms in the cluster based on the authorization identification information. In this method, after one service platform in the cluster has authenticated the target information in the user information, that platform broadcasts synchronization information containing the resulting authorization identification information to the other service platforms in the cluster, which can then respond to access requests initiated by the user equipment based on the authorization identification information. In a service platform cluster scenario, user equipment can therefore access the service data of all service platforms in the cluster after passing the authentication of one of them, which ensures the overall availability of the service platform cluster.
Referring to fig. 2, an embodiment of the present application discloses an authentication method applied to a service platform in a service platform cluster, including:
Step S20: receiving an authentication request, wherein the authentication request carries user information.
Step S21: acquiring target information meeting authorization standards in the user information, and generating authorization identification information.
Step S22: storing the authorization identification information, and broadcasting the synchronization information containing the authorization identification information to other service platforms in the service platform cluster so that the service platforms in the service platform cluster respond to the access request initiated by the user equipment based on the synchronization information.
Step S23: returning the authorization identification information to the target user equipment corresponding to the target information so that the target user equipment can access the service platform in the service platform cluster based on the authorization identification information.
Step S24: receiving a current access request, wherein the current access request carries actual authorization identification information.
The current access request received in this step refers to a request initiated by the current user equipment in an actual scene to the local service platform in the service platform cluster, and is intended to access service data in the local service platform, and the current access request carries actual authorization identification information held by the current user equipment itself, so that the service platform can verify the current user equipment.
Step S25: and judging whether the actual authorization identification information is matched with the authorization identification information in the synchronous information, if so, executing the step S26, otherwise, executing the step S27.
Step S26: and executing service response to the corresponding current user equipment according to the current access request.
Step S27: stopping responding to the current access request.
After receiving the current access request, the local service platform determines whether the actual authorization identification information in the request matches the authorization identification information in the synchronization information, that is, whether the actual authorization identification information is already stored in the local synchronization information. If so, the current user equipment is considered to have the authority to access the service data, and the local service platform executes a service response to the corresponding current user equipment according to the current access request; otherwise, the current user equipment is considered to have no authority to access the service data, and the local service platform stops responding to the current access request.
The key point of this embodiment is that a service platform in the service platform cluster uses its locally stored synchronization information to determine whether the actual authorization identification information in a current access request initiated by the current user equipment is valid. The authorization identification information in the local synchronization information was either generated by the local service platform after it authenticated the user equipment, or generated by another service platform after it authenticated the user equipment and then synchronized to the local platform by broadcast. This embodiment therefore further ensures that the user equipment can access the service data of all service platforms in the service platform cluster after passing the authentication of one of them, thereby ensuring the overall availability of the service platform cluster.
In addition, it should be emphasized that, in the present embodiment, steps S20 to S23 are procedures for authenticating the user equipment, and steps S24 to S27 are procedures for accessing the service data by the user equipment, and for the same user equipment, the two procedures need to perform the authentication procedures of steps S20 to S23 first, and then perform the procedures of steps S24 to S27 for accessing the service data by the user equipment; the two processes are not fixed in execution sequence for different user equipments, and may also be performed simultaneously, which is not specifically limited herein.
Referring to fig. 3, an embodiment of the present application discloses an authentication method applied to a service platform in a service platform cluster, including:
Step S30: receiving an authentication request, wherein the authentication request carries user information.
Step S31: acquiring target information meeting the authorization standard in the user information.
Step S32: the platform identity information of the local service platform is obtained, and the authorization identification information is obtained based on encryption operation performed on plaintext information containing the platform identity information.
It should be noted that the key point in this step is to obtain platform identity information of the local service platform, and perform encryption operation based on plaintext information including the platform identity information to obtain authorization identification information, where the platform identity information in this step is related information of the local service platform, that is, other service platforms in the service platform cluster can access the local service platform according to the platform identity information.
Step S33: storing the authorization identification information, and broadcasting the synchronization information containing the authorization identification information to other service platforms in the service platform cluster, so that the service platforms in the service platform cluster respond to the access request initiated by the user equipment based on the synchronization information.
Step S34: returning the authorization identification information to the target user equipment corresponding to the target information, so that the target user equipment can access the service platform in the service platform cluster based on the authorization identification information.
Step S35: receiving a current access request, wherein the current access request carries actual authorization identification information.
Step S36: executing a decryption operation on the actual authorization identification information to obtain actual plaintext information, and acquiring the actual platform identity information in the actual plaintext information.
In this step, after the actual authorization identifier information carried in the access request is obtained, a decryption operation is further performed on the actual authorization identifier information to obtain actual plaintext information, and actual platform identity information in the actual plaintext information is obtained, where the actual platform identity information is related information of the service platform that generates the actual authorization identifier.
Step S37: initiating a verification request for the actual authorization identification information to the corresponding target service platform according to the actual platform identity information, and receiving a verification result.
The actual authorization identification information is stored in the service platform that generated it. Therefore, after the actual platform identity information is obtained, a verification request for the actual authorization identification information is initiated to the corresponding target service platform according to the actual platform identity information, and a verification result is received; the verification result is the target service platform's judgment of whether the actual authorization identification information is valid.
Step S38: judging whether the verification result is in a verification passing state; if so, executing step S39, otherwise executing step S310.
Step S39: executing a service response to the corresponding current user equipment according to the current access request.
Step S310: stopping responding to the current access request.
It can be understood that, when the verification result is in the verification passing state, it indicates that the actual authorization identifier information is valid, and then performs a service response on the corresponding current user equipment according to the current access request, otherwise, it indicates that the actual authorization identifier information is invalid, and then stops responding to the current access request.
This embodiment takes into account that, when the service platforms in the service platform cluster broadcast synchronization information, transmission of the synchronization information may not complete in time because of network delay, in which case the local service platform cannot normally check whether the actual authorization identification information is valid. This embodiment therefore initiates a check request for the actual authorization identification information to the target service platform that generated it and receives the check result, so that the check is completed by the target service platform that generated the actual authorization identification information. This further ensures that the user equipment can access the service data of all service platforms in the service platform cluster after passing the authentication of one of them, and thus ensures the overall availability of the service platform cluster.
In addition, it should be emphasized that, in the present embodiment, steps S30 to S34 are procedures for authenticating the user equipment, and steps S35 to S310 are procedures for accessing the service data by the responding user equipment, and for the same user equipment, the two procedures need to perform the authentication procedure of steps S30 to S34 first, and then perform the procedure of steps S35 to S310 for accessing the service data by the responding user equipment; the two processes are not fixed in execution sequence for different user equipments, and may also be performed simultaneously, which is not specifically limited herein.
Referring to fig. 4, an embodiment of the present application discloses an authentication method applied to a service platform in a service platform cluster, including:
Step S40: receiving an authentication request, wherein the authentication request carries user information.
Step S41: acquiring target information meeting the authorization standard in the user information.
Step S42: generating authentication information according to the target information, and performing an encryption operation on the plaintext information containing the authentication information to obtain authorization identification information.
It should be noted that the key point in this step is that, after the local service platform obtains the target information meeting the authorization standard in the user information, it generates authentication information according to the target information and then obtains the authorization identification information by performing an encryption operation on plaintext information containing the authentication information. The authentication information is generated by logical data extraction or data conversion based on the target information, and a logical mapping relationship can exist between the authentication information and the target information.
Step S43: storing the authorization identification information, and broadcasting the synchronization information containing the authorization identification information to other service platforms in the service platform cluster, so that the service platforms in the service platform cluster respond to the access request initiated by the user equipment based on the synchronization information.
Step S44: returning the authorization identification information to the target user equipment corresponding to the target information, so that the target user equipment can access the service platform in the service platform cluster based on the authorization identification information.
Step S45: receiving a current access request, wherein the current access request carries actual authorization identification information and actual user information.
It should be noted that, in this embodiment, the current access request sent by the actual user equipment and received by the local service platform carries the actual authorization identifier information and the actual user information of the actual user equipment.
Step S46: executing a decryption operation on the actual authorization identification information to obtain actual plaintext information, and acquiring the actual authentication information in the actual plaintext information.
After the actual authorization identification information is obtained, the actual authorization identification information is further decrypted to obtain actual plaintext information, and then actual authentication information in the actual plaintext information is obtained.
Step S47: judging whether the actual user information matches the actual authentication information; if so, executing step S48, otherwise executing step S49.
Step S48: executing a service response to the corresponding current user equipment according to the current access request.
Step S49: stopping responding to the current access request.
In this embodiment, the authentication information in the authorization identification information held by the user equipment is generated based on the user information of that user equipment. When the service platforms in the service platform cluster broadcast synchronization information, transmission of the synchronization information may not complete in time because of network delay. Therefore, after the current access request of the actual user equipment is obtained, this embodiment decrypts the actual authorization identification information in the current access request to obtain the actual authentication information and matches it against the actual user information of the actual user equipment, that is, it judges whether a logic-based mapping relationship exists between the actual user information and the actual authentication information. If so, the actual authentication information is considered valid, and a service response is executed to the corresponding current user equipment according to the current access request; otherwise, the actual authentication information is considered invalid, and the response to the current access request is stopped. The embodiment further ensures that the user equipment can access the service data of all the service platforms in the service platform cluster after passing the authentication of one service platform, thereby ensuring the overall availability of the service platform cluster.
In addition, it should be emphasized that, in the present embodiment, steps S40 to S44 are procedures for authenticating the user equipment, and steps S45 to S49 are procedures for accessing the service data by the user equipment, and for the same user equipment, the two procedures need to perform the authentication procedures of steps S40 to S44 first, and then perform the procedures of steps S45 to S49 for accessing the service data by the user equipment; the two processes are not fixed in execution sequence for different user equipments, and may also be performed simultaneously, which is not specifically limited herein.
Referring to fig. 5, an embodiment of the present application discloses an authentication method applied to a service platform in a service platform cluster, including:
Step S50: receiving an authentication request, wherein the authentication request carries user information.
Step S51: acquiring target information meeting the authorization standard in the user information.
Step S52: acquiring platform identity information of the local service platform, and generating authentication information according to the target information.
Step S53: obtaining the authorization identification information based on an encryption operation performed on the plaintext information containing the platform identity information and the authentication information.
Step S54: storing the authorization identification information, and broadcasting the synchronization information containing the authorization identification information to other service platforms in the service platform cluster, so that the service platforms in the service platform cluster respond to the access request initiated by the user equipment based on the synchronization information.
Step S55: returning the authorization identification information to the target user equipment corresponding to the target information, so that the target user equipment can access the service platform in the service platform cluster based on the authorization identification information.
Step S56: receiving a current access request, wherein the current access request carries actual authorization identification information.
Step S57: judging whether the actual authorization identification information matches the authorization identification information in the synchronization information; if so, executing step S58, and if not, executing step S59.
Step S58: executing a service response to the corresponding current user equipment according to the current access request.
Step S59: executing a decryption operation on the actual authorization identification information to obtain actual plaintext information, and acquiring the actual platform identity information in the actual plaintext information.
Step S510: initiating a verification request for the actual authorization identification information to the corresponding target service platform according to the actual platform identity information, and receiving a verification result.
Step S511: judging whether the verification result is in a verification passing state; if so, executing step S58, otherwise executing step S512.
Step S512: acquiring the actual authentication information in the actual plaintext information.
Step S513: judging whether the actual user information matches the actual authentication information; if so, executing step S58, otherwise executing step S514.
Step S514: stopping responding to the current access request.
It should be noted that the key point of this embodiment is to divide the verification for the user authentication request into three levels, with the authorization identification information obtained by performing an encryption operation on plaintext information containing the platform identity information and the authentication information. After a current access request carrying actual authorization identification information is received, the first-level verification judges whether the actual authorization identification information matches the authorization identification information in the local synchronization information; the second-level verification uses the actual platform identity information obtained by parsing the actual authorization identification information to initiate a check of the actual authorization identification information at the corresponding target service platform; the third-level verification judges whether the actual user information matches the actual authentication information. The three levels are executed in order from level one to level three. The condition for moving from the current level to the next is that the current level fails, that is, the condition for executing a service response to the corresponding current user equipment according to the current access request is not satisfied. Correspondingly, when the check at any level passes, the service response is executed to the corresponding current user equipment according to the current access request; if none of the levels passes, the response to the current access request is stopped.
The first-level verification in this embodiment is performed in the local service platform, that is, verification is preferentially performed locally; the second-level verification requires the local service platform to communicate with other service platforms in the service platform cluster; the third-level verification is again performed in the local service platform. In other words, this embodiment gives priority to verification efficiency by verifying in the local service platform first; if the local service platform has not stored the synchronization information because of network delay, the accuracy of the verification is ensured by communicating with other service platforms in the service platform cluster; and if the network connection is broken, a verification of relatively low accuracy is performed in the local service platform, so that the overall flexibility and integrity of the verification process are ensured.
On the basis of the above series of embodiments, as a preferred implementation, before broadcasting the synchronization information including the authorization identification information to other service platforms in the service platform cluster, the method further includes:
generating synchronization information including generation object information;
broadcasting the synchronization information containing the authorization identification information to other service platforms in the service platform cluster, including:
broadcasting the synchronous information containing the authorization identification information to other service platforms in the service platform cluster through a message queue;
when the actual synchronization information is received, the method further comprises:
screening the actual synchronization information according to the generation object information to obtain the target actual synchronization information generated by non-local service platforms;
updating the local database based on the target actual synchronization information, and broadcasting it to other service platforms in the service platform cluster.
It should be noted that the important point of the present embodiment is that the synchronization information carries generation object information, and the generation object information represents information related to the service platform object that generates the synchronization information. In addition, in this embodiment, the synchronization information including the authorization identifier information is broadcast to other service platforms in the service platform cluster by means of a message queue. The synchronization information is transmitted between the service platforms in a message queue mode, and the integrity and the reliability of the synchronization information can be relatively ensured.
In addition, when the local service platform receives the actual synchronization information, the target actual synchronization information generated by the non-local service platform in the actual synchronization information is obtained by screening according to the generated object information, the local database is updated according to the target actual synchronization information, and the target actual synchronization information is broadcasted to other service platforms in the service platform cluster, so that the problem that the local service platform stores the synchronization information generated and stored by the local service platform again is avoided, and the problems of content oscillation and content conflict caused by bidirectional synchronization among the service platforms in the service platform cluster can be relatively avoided.
On the basis of the above embodiment, as a preferred embodiment, updating the local database based on the target actual synchronization information includes:
storing the target actual synchronization information into a local database, or deleting the target actual synchronization information in the local database.
It should be noted that, in this embodiment, the update operation on the local database based on the target actual synchronization information may further include storing the target actual synchronization information in the local database, or deleting the target actual synchronization information in the local database, which is mainly determined according to a corresponding synchronization event when the actual synchronization information is received, and according to an actual requirement, the synchronization event may include adding local data and deleting local data, which is determined according to an actual situation, and is not specifically limited herein.
On the basis of the above embodiment, as a preferred embodiment, before updating the local database based on the target actual synchronization information, the method further includes:
judging whether the target actual synchronization information exists in a local database or not;
if the target actual synchronization information exists, discarding the target actual synchronization information;
and if the target actual synchronization information does not exist, executing a step of updating the local database based on the target actual synchronization information.
It should be noted that, in this embodiment, before the local database is updated based on the target actual synchronization information, it is determined whether the target actual synchronization information already exists in the local database. The step of updating the local database based on the target actual synchronization information is executed only when it does not exist; otherwise, the target actual synchronization information is discarded. The embodiment thus avoids the same synchronization information being repeatedly stored in the local database, and ensures the accuracy of the synchronization information.
On the basis of the above embodiment, as a preferred embodiment, when the number of the target actual synchronization information is greater than 1 and the actual identity identifiers are the same, updating the local database based on the target actual synchronization information includes:
updating the local database based on the latest target actual synchronization information, namely the target actual synchronization information whose generation time has the smallest time difference from the current time.
It should be noted that the key point of this embodiment is that, when the local service platform receives a plurality of pieces of target actual synchronization information having the same target actual identity identifier, the local database is updated according to the latest piece, that is, the one whose generation time has the smallest time difference from the current time, so as to relatively ensure the accuracy of the update of the local data. The target actual identity identifier refers to the identity identifier of the actual user equipment corresponding to the actual synchronization information.
In addition, on the basis of the above embodiment, as a preferred embodiment, broadcasting synchronization information including authorization identification information to other service platforms in a service platform cluster through a message queue includes:
broadcasting the synchronization information with the same identity identifier to other service platforms in the service platform cluster through the partition channel corresponding to that identity identifier in the message queue.
The key point of this embodiment is to broadcast the synchronization information with the same identity identifier to other service platforms in the service platform cluster through the same partition channel in the message queue, so as to ensure that different actual synchronization information generated based on the same actual user equipment can be broadcast to other service platforms in the service platform cluster with similar communication efficiency, and ensure the transmission synchronization efficiency of the synchronization information of the same user equipment in the service platform cluster.
To further the understanding of the above embodiments, the following provides a scenario embodiment of an authentication scenario applied to a service platform in a service platform cluster.
Fig. 6 is a schematic view of an application scenario of an authentication method disclosed in an embodiment of the present application.
As shown in fig. 6, in this scenario embodiment the service platform cluster is specifically a data center (hereinafter referred to as DC) cluster consisting of Data Center A and Data Center B; the database in each DC in the DC cluster is specifically Redis (Remote Dictionary Server), a key-value storage system used to store the synchronization information synchronized between the DCs in the DC cluster; synchronization information is broadcast between the DCs in the DC cluster based on a Kafka message queue; check requests for actual authorization identification information are initiated between DCs through RPC (Remote Procedure Call Protocol), a simple inter-process protocol; and the authorization identification information is specifically a character string generated by encryption with the AES algorithm, hereinafter referred to as a token.
The whole scheme of the scenario embodiment for the user equipment to access the authentication API service mainly comprises two processes, namely data bidirectional real-time synchronization across DC and authentication degradation verification.
What is synchronized bidirectionally in real time across DCs is the Redis data. The principle is that the cross-DC Kafka channel is connected based on MirrorMaker 2.0, and an event-driven bidirectional real-time synchronization framework for Redis is added, so that eventual consistency of the data is ensured, while lag and failure of cross-DC data synchronization are tolerated by the authentication degradation verification strategy.
The authentication degradation verification is a multi-level verification strategy, which ensures both the safety factor of the verification and the availability of the distributed authentication system. The longest verification process has three levels: level one is local database verification, level two is remote DC verification, and level three is algorithm decryption verification. The level-two verification is a remote check implemented over the RPC protocol, and if the check succeeds, the data is synchronized to the local DC. Level-three verification can only occur in certain disaster situations (there is no relevant synchronization data locally and network communication between the DCs is abnormal).
The data bidirectional real-time synchronization process comprises the following steps:
Redis data avoids the echo and conflict problems of real-time bidirectional synchronization by adding a label field, and a time comparison is carried out before every synchronization operation on the data, so that the time order of the operations is ensured.
The data produced to and consumed from Kafka is time-ordered. When needed, a hash operation is performed on the key, and the message is assigned to the partition channel corresponding to the computed hash value to be broadcast to the other DCs in the DC cluster.
Correspondingly, if token data synchronization fails, a remote RPC call will be made in the degradation check design of token, and an active data synchronization will be completed at the same time.
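The receive-side rules described above (drop events labelled with the local DC, discard duplicates, let the latest generation time win, and key the partition channel on the identity identifier) can be sketched as follows. This is an added example in Go, not code from the patent; the event fields, the store keyed by identity identifier, the tombstone kept for deletes and the FNV hash are assumptions.

```go
package main

import (
	"fmt"
	"hash/fnv"
)

// SyncEvent is one synchronization message; the field names are assumptions.
type SyncEvent struct {
	Origin    string // label field: the DC that generated the event
	Identity  string // identity identifier of the user equipment (message key)
	Token     string // authorization identification information
	Delete    bool   // true for a delete event, false for an add event
	Generated int64  // generation time, Unix milliseconds
}

// entry is what the local database keeps per identity; deletes leave a tombstone
// so that an older add arriving late cannot bring the token back.
type entry struct {
	token     string
	deleted   bool
	generated int64
}

// Store is the local database of one DC (Redis in the scenario).
type Store struct {
	Self string
	data map[string]entry
}

func NewStore(self string) *Store { return &Store{Self: self, data: map[string]entry{}} }

// Partition maps an identity identifier to a partition channel, so that all
// events for one user equipment travel through the same channel (partitions > 0).
func Partition(identity string, partitions uint32) uint32 {
	h := fnv.New32a()
	h.Write([]byte(identity))
	return h.Sum32() % partitions
}

// Local records a change made on this DC and returns the labelled event to publish.
func (s *Store) Local(identity, token string, del bool, now int64) SyncEvent {
	s.data[identity] = entry{token, del, now}
	return SyncEvent{Origin: s.Self, Identity: identity, Token: token, Delete: del, Generated: now}
}

// Apply processes one received event and reports what was done with it.
func (s *Store) Apply(ev SyncEvent) string {
	if ev.Origin == s.Self {
		return "echo" // generated here and mirrored back: never store it again
	}
	next := entry{ev.Token, ev.Delete, ev.Generated}
	cur, seen := s.data[ev.Identity]
	if seen && ev.Generated < cur.generated {
		return "stale" // an event with a later generation time was already applied
	}
	if seen && cur == next {
		return "duplicate" // already in the local database: discard
	}
	s.data[ev.Identity] = next
	if ev.Delete {
		return "deleted"
	}
	return "stored"
}

// Lookup returns the currently valid token for an identity, if any.
func (s *Store) Lookup(identity string) (string, bool) {
	e, ok := s.data[identity]
	if !ok || e.deleted {
		return "", false
	}
	return e.token, true
}

func main() {
	// Constructed sample events: DC A issues two tokens for the same user
	// equipment, and DC B receives them out of order.
	a, b := NewStore("dc-a"), NewStore("dc-b")
	e1 := a.Local("ue-1", "tok-1", false, 1000)
	e2 := a.Local("ue-1", "tok-2", false, 2000)
	fmt.Println(b.Apply(e2), b.Apply(e1), b.Apply(e2), a.Apply(e2))
	fmt.Println(b.Lookup("ue-1"))
	fmt.Println("partition:", Partition("ue-1", 8))
}
```

Ordering by generation time assumes the clocks of the DCs are kept reasonably close; events with equal timestamps but different content are resolved here by arrival order.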
Authentication degradation verification process:
The first-level verification is carried out first: the token is compared against the local database. A database cache can be used to accelerate this check, which is the fastest verification and a safe one.
When the first-level verification finds that the token does not exist in the database, the token is decrypted. If the decryption fails, the verification fails immediately; if the decryption succeeds, the second-level verification is carried out, in which the decrypted information is used to call the RPC service of the DC that generated the token for verification. The RPC service call can be made over a private network (the private network delay is within 10 ms).
When a disaster condition such as a network abnormality occurs during the second-level verification, the service of the opposite DC in the DC cluster cannot be accessed. In that case the safety factor is temporarily reduced and the third-level verification is entered, in which algorithm verification is performed on the information obtained by decrypting the token. When the network returns to normal, the third-level verification is stopped.
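The three-level degradation check of the fig. 5 embodiment and of the process above, sketched in Go as an added example (not code from the patent or from any product). The AES-GCM mode, the key shared by all DCs, the JSON plaintext layout, the hash-based `authInfo` mapping and the function-valued RPC stub are assumptions; following the scenario, level three runs only when the issuing DC is unreachable, and an explicit "invalid" answer from the issuer is final.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
)

var ErrUnreachable = errors.New("issuing DC unreachable") // returned by the RPC stub

// claims is the plaintext sealed inside a token (field layout assumed).
type claims struct {
	Platform string `json:"p"` // platform identity information of the issuer
	Auth     string `json:"a"` // authentication information derived from user info
}

// DC is one service platform; rpc stands in for the check request to the issuer.
type DC struct {
	ID     string
	aead   cipher.AEAD
	tokens map[string]bool // local store (Redis in the scenario)
	rpc    func(platform, token string) (bool, error)
}

// NewDC builds a platform; all DCs share one AES key (an assumption).
func NewDC(id string, key []byte, rpc func(string, string) (bool, error)) *DC {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // key must be 16, 24 or 32 bytes
	}
	aead, _ := cipher.NewGCM(block) // cannot fail for an AES block cipher
	return &DC{ID: id, aead: aead, tokens: map[string]bool{}, rpc: rpc}
}

// authInfo maps user information to authentication information (assumed mapping).
func authInfo(user string) string {
	sum := sha256.Sum256([]byte(user))
	return fmt.Sprintf("%x", sum[:8])
}

// Issue seals the claims with AES-GCM, stores the token locally and returns it.
func (d *DC) Issue(user string) string {
	pt, _ := json.Marshal(claims{Platform: d.ID, Auth: authInfo(user)})
	nonce := make([]byte, d.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err) // no entropy source: cannot issue tokens
	}
	tok := base64.RawURLEncoding.EncodeToString(d.aead.Seal(nonce, nonce, pt, nil))
	d.tokens[tok] = true
	return tok
}

// open decrypts a token; any tampering makes GCM authentication fail.
func (d *DC) open(tok string) (c claims, err error) {
	n := d.aead.NonceSize()
	raw, err := base64.RawURLEncoding.DecodeString(tok)
	if err != nil || len(raw) < n {
		return c, errors.New("malformed token")
	}
	pt, err := d.aead.Open(nil, raw[:n], raw[n:], nil)
	if err != nil {
		return c, err
	}
	err = json.Unmarshal(pt, &c)
	return c, err
}

// Verify returns the level that accepted the token (1, 2 or 3), or 0 on rejection.
func (d *DC) Verify(tok, user string) int {
	if d.tokens[tok] { // level 1: token already in the local store
		return 1
	}
	c, err := d.open(tok)
	if err != nil || c.Platform == d.ID { // undecryptable, or ours but not stored
		return 0
	}
	ok, err := d.rpc(c.Platform, tok) // level 2: ask the DC that issued it
	if err == nil && ok {
		d.tokens[tok] = true // active synchronization into the local store
		return 2
	}
	if errors.Is(err, ErrUnreachable) && c.Auth == authInfo(user) {
		return 3 // level 3: issuer unreachable, fall back to the algorithm check
	}
	return 0
}

func main() {
	a := NewDC("dc-a", make([]byte, 32), nil) // constructed all-zero demo key; a only issues
	b := NewDC("dc-b", make([]byte, 32), func(_, t string) (bool, error) { return a.tokens[t], nil })
	tok := a.Issue("alice")
	fmt.Println(b.Verify(tok, "alice"), b.Verify(tok, "alice")) // level 2, then level 1
}
```

Level three cannot see a deletion made at the issuing DC, which is the reduced safety factor the scenario accepts while the network is down.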
After the user equipment passes the authentication of the authentication API service, the related service data of the data center can be further acquired based on the service API service.
Referring to fig. 7, an embodiment of the present application discloses an authentication apparatus applied to a service platform in a service platform cluster, including:
a request receiving module 10, configured to receive an authentication request, where the authentication request carries user information;
the authorization information generation module 11 is configured to obtain target information that meets an authorization standard in the user information, and generate authorization identifier information;
the synchronization module 12 is configured to store the authorization identifier information, and broadcast the synchronization information including the authorization identifier information to other service platforms in the service platform cluster, so that the service platforms in the service platform cluster respond to an access request initiated by the user equipment based on the synchronization information;
and the identifier output module 13 is configured to return the authorization identifier information to the target user equipment corresponding to the target information, so that the target user equipment accesses the service platform in the service platform cluster based on the authorization identifier information.
The authentication device provided by the application is applied to a service platform in a service platform cluster. It first receives an authentication request carrying user information, acquires the target information in the user information that meets the authorization standard, and generates authorization identification information. It then stores the authorization identification information and broadcasts synchronization information containing it to the other service platforms in the service platform cluster, so that the service platforms in the cluster can respond to access requests initiated by user equipment based on the synchronization information. Finally, it returns the authorization identification information to the target user equipment corresponding to the target information, so that the target user equipment can access the service platforms in the cluster based on the authorization identification information. After the target information in the user information passes the authentication of one service platform in the cluster, that service platform broadcasts the synchronization information containing the authorization identification information generated by the authentication to the other service platforms, which can then respond to access requests initiated by the user equipment based on the authorization identification information. In the service platform cluster scenario, the user equipment can therefore access the service data of all service platforms in the cluster after passing the authentication of one service platform, which ensures the overall availability of the service platform cluster.
On the basis of the foregoing embodiments, the embodiments of the present application further describe and optimize the authentication device. Specifically:
in one embodiment, the apparatus further comprises:
the first access receiving module is used for receiving a current access request, and the current access request carries actual authorization identification information;
the identification judgment module is used for judging whether the actual authorization identification information is matched with the authorization identification information in the synchronous information, if so, the service execution module is called, and if not, the response stopping module is called;
the service execution module is used for executing service response to the corresponding current user equipment according to the current access request;
and the response stopping module is used for stopping responding to the current access request.
In one embodiment, the authorization information generating module 11 includes:
the encryption generation module is used for acquiring platform identity information of the local service platform and performing encryption operation on plaintext information containing the platform identity information to obtain authorization identification information;
the device further includes:
the second access receiving module is used for receiving a current access request, and the current access request carries actual authorization identification information;
the identity decryption module is used for carrying out decryption operation on the actual authorization identification information to obtain actual plaintext information and obtaining actual platform identity information in the actual plaintext information;
the identity verification module is used for initiating a verification request for the actual authorization identification information to the corresponding target service platform according to the actual platform identity information and receiving a verification result;
the checking judgment module is used for judging whether the verification result is in a verification passing state; if so, the service execution module is called, and otherwise the response stopping module is called;
the service execution module is used for executing service response to the corresponding current user equipment according to the current access request;
and the response stopping module is used for stopping responding to the current access request.
In one embodiment, the authorization information generating module 11 includes:
the authentication generation module is used for generating authentication information according to the target information and carrying out encryption operation on plaintext information containing the authentication information to obtain authorization identification information;
the device further includes:
the third access receiving module is used for receiving a current access request, wherein the current access request carries actual authorization identification information and actual user information;
the authentication decryption module is used for executing decryption operation on the actual authorization identification information to obtain actual plaintext information and acquiring actual authentication information in the actual plaintext information;
the authentication judging module is used for judging whether the actual user information is matched with the actual authentication information, if so, the service executing module is called, and otherwise, the stop responding module is called;
the service execution module is used for executing service response to the corresponding current user equipment according to the current access request;
and the response stopping module is used for stopping responding to the current access request.
In one embodiment, the authorization information generating module 11 includes:
the acquisition module is used for acquiring platform identity information of the local service platform and generating authentication information according to the target information;
the encryption module is used for carrying out encryption operation on plaintext information containing platform identity information and authentication information to obtain authorization identification information;
the device further includes:
the fourth access receiving module is used for receiving the current access request, and the current access request carries actual authorization identification information;
the first judging module is used for judging whether the actual authorization identification information is matched with the authorization identification information in the synchronous information, if so, the service executing module is called, and otherwise, the identity information acquiring module is called;
the identity information acquisition module is used for carrying out decryption operation on the actual authorization identification information to obtain actual plaintext information and acquiring actual platform identity information in the actual plaintext information;
the request initiating module is used for initiating a verification request for the actual authorization identification information to the corresponding target service platform according to the actual platform identity information and receiving a verification result;
the second judgment module is used for judging whether the verification result is in a verification passing state, if so, the service execution module is called, and otherwise, the authentication acquisition module is called;
the authentication acquisition module is used for acquiring actual authentication information in the actual plaintext information;
the third judging module is used for judging whether the actual user information is matched with the actual authentication information, if so, the service executing module is called, and otherwise, the stop responding module is called;
the service execution module is used for executing service response to the corresponding current user equipment according to the current access request;
and the response stopping module is used for stopping responding to the current access request.
In one embodiment, the apparatus further comprises:
a synchronization information generating module, used for generating the synchronization information containing generated object information;
a synchronization module 12 comprising:
the queue synchronization module is used for broadcasting the synchronization information containing the authorization identification information to other service platforms in the service platform cluster through the message queue;
when the actual synchronization information is received, the apparatus further comprises:
the screening module is used for screening, according to the generated object information, the target actual synchronization information in the actual synchronization information that was not generated by the local service platform;
and the updating module is used for updating the local database based on the target actual synchronization information and broadcasting the local database to other service platforms in the service platform cluster.
In one embodiment, the update module includes:
and the storage and deletion module is used for storing the target actual synchronization information into the local database or deleting the target actual synchronization information in the local database.
In a specific embodiment, the apparatus further comprises:
the conflict judging module is used for judging whether the target actual synchronization information exists in the local database, if so, calling the discarding module, and if not, calling the updating module;
and the discarding module is used for discarding the target actual synchronization information.
In a specific embodiment, when there is more than one piece of target actual synchronization information and the actual identity identifiers are the same, the updating module includes:
and the time updating module is used for updating the local database based on the latest target actual synchronization information, that is, the piece whose generation time has the minimum time difference from the current time.
In one particular embodiment, the queue synchronization module includes:
and the partition broadcasting module is used for broadcasting the synchronization information with the same identity identifier to other service platforms in the service platform cluster through the partition channel corresponding to the identity identifier in the message queue.
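How a receiving platform could combine the screening, conflict, time-update and partition modules above, as an added Go example (not code from the patent). The `SyncEvent` field names, the FNV-1a hash used to pick a partition, keeping deleted records as tombstones and letting a deletion win a timestamp tie are assumptions made for this illustration.

```go
package main

import (
	"fmt"
	"hash/fnv"
)

// SyncEvent is one message on the queue. Field names are assumptions.
type SyncEvent struct {
	Origin string // DC that generated the event (generated object information)
	ID     string // identity identifier, also used as the partition key
	Token  string
	Delete bool  // true when the token is being removed from the database
	At     int64 // generation time, Unix milliseconds
}

// PartitionFor maps an identity identifier to a partition so that all events for
// that identity travel through one channel. FNV-1a is a stand-in hash; it is not
// Kafka's built-in partitioner.
func PartitionFor(id string, partitions uint32) uint32 {
	if partitions == 0 {
		return 0
	}
	h := fnv.New32a()
	h.Write([]byte(id))
	return h.Sum32() % partitions
}

// row is the stored state for one identity; deleted rows are kept as tombstones
// so that a late "store" event cannot bring a removed token back.
type row struct {
	token   string
	deleted bool
	at      int64
}

// Store is the local token database of one DC.
type Store struct {
	Self string
	rows map[string]row
}

func NewStore(self string) *Store { return &Store{Self: self, rows: map[string]row{}} }

// Apply processes one received event and reports what was done with it.
func (s *Store) Apply(e SyncEvent) string {
	if e.Origin == s.Self { // screening: drop events this DC generated itself
		return "skip-own"
	}
	cur, seen := s.rows[e.ID]
	if seen && cur == (row{e.Token, e.Delete, e.At}) { // conflict: already stored
		return "skip-duplicate"
	}
	// Only the latest event per identity is applied; on a tie a deletion wins.
	if seen && (e.At < cur.at || (e.At == cur.at && !e.Delete)) {
		return "skip-stale"
	}
	s.rows[e.ID] = row{e.Token, e.Delete, e.At}
	if e.Delete {
		return "deleted"
	}
	return "stored"
}

// Valid is the first-level lookup performed when an access request arrives.
func (s *Store) Valid(id, token string) bool {
	r, ok := s.rows[id]
	return ok && !r.deleted && r.token == token
}

func main() {
	s := NewStore("dc-b")
	batch := []SyncEvent{ // constructed sample events, delivered out of order
		{"dc-a", "alice", "tok-1", true, 2000},  // deletion generated at t=2000
		{"dc-a", "alice", "tok-1", false, 1000}, // earlier store arrives late
		{"dc-b", "bob", "tok-2", false, 1500},   // this DC's own event echoed back
	}
	for _, e := range batch {
		fmt.Println(e.ID, s.Apply(e))
	}
	fmt.Println(s.Valid("alice", "tok-1"), PartitionFor("alice", 8) < 8)
}
```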
In addition, this embodiment also discloses a service platform device, including:
a memory for storing a computer program;
a processor for implementing the steps of the authentication method as described above when executing the computer program.
The service platform device provided by the application first receives an authentication request carrying user information, acquires the target information in the user information that meets the authorization standard, and generates authorization identification information. It then stores the authorization identification information and broadcasts synchronization information containing it to the other service platforms in the service platform cluster, so that the service platforms in the cluster can respond to access requests initiated by user equipment based on the synchronization information. Finally, it returns the authorization identification information to the target user equipment corresponding to the target information, so that the target user equipment can access the service platforms in the cluster based on the authorization identification information. After the target information in the user information passes the authentication of one service platform in the cluster, that service platform broadcasts the synchronization information containing the authorization identification information generated by the authentication to the other service platforms, which can then respond to access requests initiated by the user equipment based on the authorization identification information. In the service platform cluster scenario, the user equipment can therefore access the service data of all service platforms in the cluster after passing the authentication of one service platform, which ensures the overall availability of the service platform cluster.
Furthermore, the present embodiment also discloses a computer-readable storage medium, on which a computer program is stored, and the computer program, when executed by a processor, implements the steps of the authentication method as described above.
The computer-readable storage medium provided by the application is applied to a service platform in a service platform cluster. The method first receives an authentication request carrying user information, acquires the target information in the user information that meets the authorization standard, and generates authorization identification information. It then stores the authorization identification information and broadcasts synchronization information containing it to the other service platforms in the service platform cluster, so that the service platforms in the cluster can respond to access requests initiated by user equipment based on the synchronization information. Finally, it returns the authorization identification information to the target user equipment corresponding to the target information, so that the target user equipment can access the service platforms in the cluster based on the authorization identification information. After the target information in the user information passes the authentication of one service platform in the cluster, that service platform broadcasts the synchronization information containing the authorization identification information generated by the authentication to the other service platforms, which can then respond to access requests initiated by the user equipment based on the authorization identification information. In the service platform cluster scenario, the user equipment can therefore access the service data of all service platforms in the cluster after passing the authentication of one service platform, which ensures the overall availability of the service platform cluster.
The above details describe an authentication method, an authentication device, an authentication apparatus, and a storage medium provided by the present application. The embodiments are described in a progressive manner in the specification, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. The device disclosed by the embodiment corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description. It should be noted that, for those skilled in the art, it is possible to make several improvements and modifications to the present application without departing from the principle of the present application, and such improvements and modifications also fall within the scope of the claims of the present application.
It is further noted that, in the present specification, relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.

Claims (13)

1. An authentication method applied to a service platform in a service platform cluster includes:
receiving an authentication request, wherein the authentication request carries user information;
acquiring target information meeting authorization standards in the user information and generating authorization identification information;
storing the authorization identification information, and broadcasting synchronization information containing the authorization identification information to other service platforms in the service platform cluster so that the service platforms in the service platform cluster respond to an access request initiated by user equipment based on the synchronization information;
and returning the authorization identification information to target user equipment corresponding to the target information so that the target user equipment can access the service platform in the service platform cluster based on the authorization identification information.
2. The authentication method of claim 1, further comprising:
receiving a current access request, wherein the current access request carries actual authorization identification information;
judging whether the actual authorization identification information is matched with the authorization identification information in the synchronous information;
if the actual authorization identification information is matched with the authorization identification information in the synchronization information, executing a service response to the corresponding current user equipment according to the current access request;
and if the actual authorization identification information is not matched with the authorization identification information in the synchronization information, stopping responding to the current access request.
3. The authentication method according to claim 1, wherein the generating of the authorization identification information includes:
acquiring platform identity information of a local service platform, and performing encryption operation on plaintext information containing the platform identity information to obtain the authorization identification information;
the method further comprises the following steps:
receiving a current access request, wherein the current access request carries actual authorization identification information;
performing decryption operation on the actual authorization identification information to obtain actual plaintext information, and acquiring actual platform identity information in the actual plaintext information;
initiating a verification request for the actual authorization identification information to a corresponding target service platform according to the actual platform identity information, and receiving a verification result;
judging whether the verification result is in a verification passing state;
if the verification result is in a verification passing state, executing a service response to the corresponding current user equipment according to the current access request;
and if the verification result is not in a verification passing state, stopping responding to the current access request.
4. The authentication method according to claim 1, wherein the generating of the authorization identification information includes:
generating authentication information according to the target information, and carrying out encryption operation on plaintext information containing the authentication information to obtain the authorization identification information;
the method further comprises the following steps:
receiving a current access request, wherein the current access request carries actual authorization identification information and actual user information;
carrying out decryption operation on the actual authorization identification information to obtain actual plaintext information, and obtaining actual authentication information in the actual plaintext information;
judging whether the actual user information is matched with the actual authentication information;
if the actual user information is matched with the actual authentication information, executing service response to corresponding current user equipment according to the current access request;
and if the actual user information is not matched with the actual authentication information, stopping responding to the current access request.
5. The authentication method according to claim 1, wherein the generating of the authorization identification information includes:
acquiring platform identity information of a local service platform, and generating authentication information according to the target information;
obtaining the authorization identification information based on encryption operation performed on plaintext information containing the platform identity information and the authentication information;
the method further comprises the following steps:
receiving a current access request, wherein the current access request carries actual authorization identification information;
judging whether the actual authorization identification information is matched with the authorization identification information in the synchronous information;
if the actual authorization identification information is matched with the authorization identification information in the synchronization information, executing a service response to the corresponding current user equipment according to the current access request;
if the actual authorization identification information is not matched with the authorization identification information in the synchronous information, performing decryption operation on the actual authorization identification information to obtain actual plaintext information, and acquiring actual platform identity information in the actual plaintext information;
initiating a verification request for the actual authorization identification information to a corresponding target service platform according to the actual platform identity information, and receiving a verification result;
judging whether the verification result is in a verification passing state;
if the verification result is in a verification passing state, executing a service response to the corresponding current user equipment according to the current access request;
if the verification result is not in a verification passing state, acquiring actual authentication information in the actual plaintext information;
judging whether the actual user information is matched with the actual authentication information;
if the actual user information is matched with the actual authentication information, executing service response to corresponding current user equipment according to the current access request;
and if the actual user information is not matched with the actual authentication information, stopping responding to the current access request.
6. The authentication method according to any one of claims 1 to 5, wherein before the broadcasting the synchronization information containing the authorization identification information to other service platforms in the service platform cluster, the method further comprises:
generating the synchronization information including generated object information;
the broadcasting the synchronization information including the authorization identification information to other service platforms in the service platform cluster includes:
broadcasting the synchronous information containing the authorization identification information to other service platforms in the service platform cluster through a message queue;
when the actual synchronization information is received, the method further comprises:
screening, according to the generated object information, the target actual synchronization information in the actual synchronization information that was not generated by the local service platform;
and updating a local database based on the target actual synchronization information, and broadcasting to other service platforms in the service platform cluster.
7. The authentication method of claim 6, wherein said updating a local database based on said target actual synchronization information comprises:
and storing the target actual synchronization information into the local database, or deleting the target actual synchronization information in the local database.
8. The authentication method of claim 7, wherein prior to said updating the local database based on said target actual synchronization information, said method further comprises:
judging whether the target actual synchronization information exists in the local database or not;
if the target actual synchronization information exists, discarding the target actual synchronization information;
and if the target actual synchronization information does not exist, executing the step of updating the local database based on the target actual synchronization information.
9. The authentication method according to claim 8, wherein when the number of the target actual synchronization information is greater than 1 and the actual identities are the same, the updating the local database based on the target actual synchronization information comprises:
and updating the local database based on the latest target actual synchronization information, that is, the piece whose generation time has the minimum time difference from the current time.
10. The authentication method according to claim 9, wherein the broadcasting the synchronization information containing the authorization identification information to other service platforms in the service platform cluster through a message queue comprises:
and broadcasting the synchronous information with the same identity identifier to other service platforms in the service platform cluster through a partition channel corresponding to the identity identifier in a message queue.
11. An authentication device applied to a service platform in a service platform cluster, comprising:
a request receiving module, configured to receive an authentication request, where the authentication request carries user information;
the authorization information generation module is used for acquiring target information meeting authorization standards in the user information and generating authorization identification information;
the synchronization module is used for storing the authorization identification information and broadcasting the synchronization information containing the authorization identification information to other service platforms in the service platform cluster so that the service platforms in the service platform cluster respond to an access request initiated by user equipment based on the synchronization information;
and the identification output module is used for returning the authorized identification information to the target user equipment corresponding to the target information so that the target user equipment can access the service platform in the service platform cluster based on the authorized identification information.
12. A service platform device, comprising:
a memory for storing a computer program;
a processor for implementing the steps of the authentication method according to any one of claims 1 to 10 when executing the computer program.
13. A computer-readable storage medium, characterized in that a computer program is stored thereon, which computer program, when being executed by a processor, carries out the steps of the authentication method according to any one of claims 1 to 10.
CN202010032716.5A 2020-01-13 2020-01-13 Authentication method, authentication device, authentication equipment and storage medium Active CN113111335B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010032716.5A CN113111335B (en) 2020-01-13 2020-01-13 Authentication method, authentication device, authentication equipment and storage medium

Publications (2)

Publication Number Publication Date
CN113111335A true CN113111335A (en) 2021-07-13
CN113111335B CN113111335B (en) 2023-12-29

Family

ID=76709980

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010032716.5A Active CN113111335B (en) 2020-01-13 2020-01-13 Authentication method, authentication device, authentication equipment and storage medium

Country Status (1)

Country Link
CN (1) CN113111335B (en)

CN113792273A (en) Identity authentication method, device, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant