CN106790308A - A kind of user authen method, apparatus and system - Google Patents

A kind of user authen method, apparatus and system Download PDF

Info

Publication number
CN106790308A
CN106790308A CN201710192304.6A CN201710192304A CN106790308A CN 106790308 A CN106790308 A CN 106790308A CN 201710192304 A CN201710192304 A CN 201710192304A CN 106790308 A CN106790308 A CN 106790308A
Authority
CN
China
Prior art keywords
user
password
username
authentication
default
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710192304.6A
Other languages
Chinese (zh)
Inventor
张立新
苏丹
吴佳
刘超
董爱强
冯扬
廖明耀
齐志超
牟鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
State Grid Information and Telecommunication Co Ltd
Beijing China Power Information Technology Co Ltd
Information and Telecommunication Branch of State Grid Jibei Electric Power Co Ltd
Original Assignee
State Grid Corp of China SGCC
State Grid Information and Telecommunication Co Ltd
Beijing China Power Information Technology Co Ltd
Information and Telecommunication Branch of State Grid Jibei Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Corp of China SGCC, State Grid Information and Telecommunication Co Ltd, Beijing China Power Information Technology Co Ltd, Information and Telecommunication Branch of State Grid Jibei Electric Power Co Ltd filed Critical State Grid Corp of China SGCC
Priority to CN201710192304.6A priority Critical patent/CN106790308A/en
Publication of CN106790308A publication Critical patent/CN106790308A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/06Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a kind of user authen method, apparatus and system, based on basic the and Digest authentication methods in Http, with reference to the resource authorization management in Servlet specifications, by the user management of web applications and login authentication, linux system user management and Pam authentication modules are entrusted to;Web applications do not provide the function of user management and certification.So as to lift the security of user's access, while simplifying the process of web client login authentication, verification efficiency is lifted.

Description

A kind of user authen method, apparatus and system
Technical field
The present invention relates to data processing technique, a kind of user authen method, apparatus and system are more particularly to.
Background technology
With continuing to develop for computer technology and safe practice, the security of user authentication is increasingly highlighted.Generally, one As application program when user authentication is carried out, certain specific authentication mode can be hard coded into inside program.Such as, tradition User logs in program, it first obtains the username and password of user, then, the password of user input be calculated close Text, finally, second field that the user in the ciphertext and/etc/shadow files that will obtain is expert at is compared, such as Really identical, then certification passes through, otherwise, authentification failure.
Specifically, http agreements (HTTP, Hyper Text Transfer Protocol) is provided at present The safety certification standard of tetra- kinds of modes of Basic, Digest, Form, Cert, wherein, the letter of Basic and Digest authentication modes It is single, effective, but security is not high;The certification work amount of Form, Cert authentication mode is big, and verification process is complicated.
It can be seen that, how a kind of user authen method is provided, answered with improving the security of user authentication, and solving current web With need to simultaneously develop complete user management and authentication management function, the problem that exploitation is complicated, authentication efficiency is low, as currently urgently A big technical problem to be solved.
The content of the invention
In view of this, the invention provides a kind of user authen method, apparatus and system, combine http (basic) and The authentication mode of PAM modules, enhances the security of user authentication, and authentication efficiency is high.
To achieve the above object, the present invention provides following technical scheme:
A kind of user authen method, is applied to application server, and the user authen method includes:
Receive resource download request;
Compare whether the resource download request authorizes, if not, generation query is identified and sent queries mark including described The target information of knowledge is to client;
Receive the username and password information that user is based on the (SuSE) Linux OS of target information input;
Default authentication module is called according to the configuration of default configuration file, the use is verified by the default authentication module Name in an account book and encrypted message;
If the verification passes, resource corresponding with the resource download request to the client is sent.
Preferably, it is described to compare whether the resource download request authorizes, including:
According to the default configuration file, compare whether the resource download request authorizes.
Preferably, it is described that default authentication module is called according to the configuration of default configuration file, including:
In (SuSE) Linux OS, the username and password and default authentication module of each client are pre-configured with;
Set up the incidence relation of the username and password and the default authentication module.
Preferably, it is described that the username and password information is verified by the default authentication module, including:
Search the user be based on the target information input (SuSE) Linux OS username and password information whether Belong to the username and password of each client being pre-configured with, if belonged to, it is determined that be verified.
A kind of user authentication device, is applied to application server, and the user authentication device includes:
First receiver module, for receiving resource download request;
Comparing module, for comparing whether the resource download request authorizes, if not, generation query is identified and sends bag Include the target information for querying mark to client;
Second receiver module, for receiving the user name that user is based on the (SuSE) Linux OS of target information input And encrypted message;
Authentication module, for calling default authentication module according to the configuration of default configuration file, by the default checking Username and password information described in module verification;
Sending module, for being verified when described, sends resource corresponding with the resource download request to the visitor Family end.
Preferably, the comparing module includes:
Comparing unit, for according to the default configuration file, comparing whether the resource download request authorizes.
Preferably, the authentication module includes:
Dispensing unit, in (SuSE) Linux OS, being pre-configured with the username and password of each client and described Default authentication module;
Unit is set up, the incidence relation for setting up the username and password and the default authentication module.
Preferably, the authentication module also includes:
Searching unit, for searching the user name that the user is based on the (SuSE) Linux OS of target information input With the username and password whether encrypted message belongs to each client being pre-configured with, if belonged to, it is determined that checking is logical Cross.
A kind of customer certification system, including user authentication device described in above-mentioned any one.
Understood via above-mentioned technical scheme, compared with prior art, the embodiment of the invention provides a kind of user authentication Method, based on basic the and Digest authentication methods in Http, with reference to the resource authorization management in Servlet specifications, by web The user management of application and login authentication, entrust to linux system user management and Pam authentication modules;Web applications do not provide use Family management and the function of certification.So as to lift the security of user's access, while simplify the process of web client login authentication, Lifting verification efficiency.
Brief description of the drawings
In order to illustrate more clearly about the embodiment of the present invention or technical scheme of the prior art, below will be to embodiment or existing The accompanying drawing to be used needed for having technology description is briefly described, it should be apparent that, drawings in the following description are only this Inventive embodiment, for those of ordinary skill in the art, on the premise of not paying creative work, can also basis The accompanying drawing of offer obtains other accompanying drawings.
Fig. 1 is a kind of schematic flow sheet of user authen method provided in an embodiment of the present invention;
Fig. 2 is the process chart of the certification of Basic provided in an embodiment of the present invention and Digest;
Fig. 3 is the structural representation of PAM authentication modules provided in an embodiment of the present invention;
The goods batch figure that Fig. 4 is applied by a kind of user authen method provided in an embodiment of the present invention;
Fig. 5 is a kind of structural representation of user authentication device provided in an embodiment of the present invention.
Specific embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is carried out clear, complete Site preparation is described, it is clear that described embodiment is only a part of embodiment of the invention, rather than whole embodiments.It is based on Embodiment in the present invention, it is every other that those of ordinary skill in the art are obtained under the premise of creative work is not made Embodiment, belongs to the scope of protection of the invention.
Relational language is explained:
(1) http agreements:HTTP (HTTP, Hyper Text Transfer Protocol) is internet On a kind of procotol for being most widely used.
(2) servlet specifications:Servlet is for generating dynamic content based on Java technology web assembly container trustships Specification.As other are based on the component technology specification of Java, Servlet is also based on platform-independent java class form, Be compiled as with platform-independent bytecode, by the web server dynamic loads based on Java technology and can run.
(3) user authentication:User authentication is the process that user's (client) proves the mark of oneself to system (server).
(4)SG-APS:The application server middleware product based on java technologies developed by our company.
A kind of user authen method is the embodiment of the invention provides, based on basic the and Digest authentication methods in Http, With reference to the resource authorization management in Servlet specifications, by the user management of web applications and login authentication, linux system is entrusted to User management and Pam authentication modules;Web applications do not provide the function of user management and certification.So as to lift the peace of user's access Quan Xing, while simplifying the process of web client login authentication, lifts verification efficiency.
It is a kind of schematic flow sheet of user authen method provided in an embodiment of the present invention specifically, referring to Fig. 1, should User authen method is applied to application server, including step:
S1, reception resource download request (URL).
S2, compare whether the resource download request (URL) authorizes, if not, generation query mark (challenge) and Transmission includes the target information for querying mark to client.
Compare whether the URL request authorizes and can be configured according to the web.xml specifically, described, compare the URL Whether request authorizes.
S3, the username and password information for receiving (SuSE) Linux OS of the user based on target information input.
The collection that the Web applications of Java Linux platforms are made up of many Servlet, html page, class and other resources Close, these resources constitute the complete applications operated on Web server.One terminal user can use various Supported client validation mode or type carry out user's checking.
The present embodiment uses the light-weight authentication mode on linux system, wherein, HTTP basic verifications are by http protocol The authentication mechanism of support, this mechanism is based on username and password.Web server requires that Web client is verified to user, Used as a part for request, Web server will transmit a domain, and user can receive checking in this domain.Web client from Family obtains username and password, and transfers them to Web server, and then, Web server can be verified in specified domain User.
As described in background, conventional http authentication mode is divided into four kinds:Basic, digest, form and cert.Wherein, the present embodiment is preferentially from the first and second verification mode:Basic is verified and Digest checkings.
Wherein, Basic is identical with the handling process of the certification of Digest, as shown in Fig. 2 including step:
S21, the shielded resource of client request.
S22, server detects with no authorized, then generate a challenge and return to client.
S23, client goes out digest according to challenge and associated information calculation.
S24, the information that incidental steps S23 is calculated resource again in request step S21.
S25, service end user password information according to known to calculate digest and with step S24 in ask digest Compare checking.
S26, service end returns to resource to validated user after being verified.
It should be noted that the difference of Basic checkings and Digest checkings is calculating in step S23 and step S25 The algorithm of digest is different.Wherein, Basic is that the direct base64 of password is encoded into (plaintext), and Digest is added with MD5 Transmission after close.
That is, Basic is the basic authentication mode of http, and digest is the upgrade version of basic.Digest is more in theory Safety.Inventor has found:Because basic is plaintext transmission encrypted message, and digest is transmission after encryption.However, digest Acquiescence is encrypted with MD5 to password, although the plaintext transmission compared to basic certifications is safer, but AES MD5 in itself Original text counter can be released, and digest is the encryption to authentication information, and follow-up content transmission security cannot be ensured. Therefore, this programme increased step S4 on the basis of above-mentioned steps, and security is carried out to data using PAM authentication modules Certification.
Specifically, Basic checkings are that http protocol defines Basic Authentication during http protocol is communicated Method of the journey to allow HTTP server that user identity card is carried out to web browser, when a client is entered to HTTP server During row request of data, server can send a response for unauthorized, represented with Realm information use Basic in the response Certification, present embodiments provides an instantiation for Basic certifications, as follows:
Browser can eject a frame after receiving this response, be input into username and password.Point is cancelled expression cancellation and is recognized Card, point determination can submit user name, password to server to.The mode of submission is added in HTTP:WWW- Authorization:Basic XXXXXXX。
Wherein, Basic is followed by the BASE64 codings of user name, password.After received server-side, lift Http head In information, verify user and password, by then allow access, return client required for data;Not by forbidding accessing, Return to error code or require that client provides user name and password again.
S4, according to default configuration file (web.xml) configuration call default authentication module (PAM authentication modules), pass through The default authentication module verifies the username and password information.
Specifically, the present embodiment can be by (SuSE) Linux OS, being pre-configured with the user name of each client and close Code and PAM authentication modules, then set up the incidence relation of the username and password and the PAM authentication modules.When described When verifying the username and password information by the PAM authentication modules, actually search the user and be based on the mesh Whether the username and password information for marking the (SuSE) Linux OS of information input belongs to the use of each client being pre-configured with Name in an account book and password, if belonged to, it is determined that be verified.
S5, if the verification passes, sends resource corresponding with the resource download request to the client.
As mentioned previously, inventor has found HTTP basic verifications and dangerous, therefore, base of this programme in above-mentioned steps On plinth, step S4 is increased, using PAM authentication modules data are carried out with the certification of security.
Wherein, Linux-PAM is the abbreviation of PLUGGABLE AUTHENTICATION MODULES, and it is a set of shared Storehouse.It can allow system manager to select how application program goes certification user, the inside without knowing application program Realize details, it is not required that recompilate code.
And conventional authentication mode is, general application program, in certification user to be gone, they can specifically recognize certain Card mode is hard coded into inside program.Such as, traditional User logs in program, it first obtains the username and password of user, so Afterwards, the password of user input is carried out being calculated ciphertext, finally, being somebody's turn to do in the ciphertext and/etc/shadow files that will obtain Second field that user is expert at is compared, if identical, certification passes through, otherwise, authentification failure.This verification process Shortcoming be that cannot easily go to change this authentication mode that is used of logging program.
With the development of computer technology and safe practice, increasing old authentication mechanism become very it is fragile; Meanwhile, user authentication is frequently necessary to change the verification process of application program under legacy authentication mechanisms, is also not easy to authentication management Convenient realization.
If certain application program has used PAM, when it needs to carry out user authentication, it is only necessary to verification process It is simple to give PAM modules, then, user is authenticated by PAM modules, the result of certification is returned to apply journey again by PAM Sequence.Application program is not aware that PAM has used that what method is authenticated to user on earth, and this is determined by system manager It is fixed.Keeper can use, and simple trust (pam_permit) are authenticated, it is also possible to use extremely complex certification Mode, such as nethike embrane certification, voiceprint.The time the need for user's adjustment verification process is saved, authentication efficiency is improve.
Specifically, in the present embodiment, PAM takes hierarchical design thought, as shown in figure 3, realizing inserting for module Entering property and ease for use.PAM makes each identification module independent from application program, the knob contacted as both by PAM API Band, application program (can just configure) neatly identification function mould needed for " insertion " wherein by configuration file as needed Block, so as to be truly realized " identification function, on-demand ".
To sum up, with reference to Fig. 4, the goods batch figure applied by a kind of user authen method that the present embodiment is provided, first, Start user authentication, user side submits URL request to.Then, Web Application Server is configured with by HTTP in web.xml BASIC is used as user login validation mechanism.Wherein, configuration of the SG-APS middlewares in web.xml, returns Http.response responses.
That specifically verifies realizes that flow is as follows:
(1) in browse request:https://localhost:8080/index.html.
(2) SG-APS servers are configured according to web.xml, and server returns to 401 (unauthentication) codes, and A subsidiary head comprising challenge, form is as follows:WWW-Authenticate Basic realm=" Admin All ".
(3) request of the return that browser is received, ejects " username and password input frame ".
(4) user is input into the user ing and password of (SuSE) Linux OS in the input frame of browser, and browser will: (username:Password the information after) encoding is submitted to server end in being added to request header.
Afterwards, user input the user name password of (SuSE) Linux OS and is submitted to server in a browser.Then, SG- APS calls PAM authentication modules according to web.xml configurations.Specific checking realizes that flow is as follows:
(1) in (SuSE) Linux OS, user and password that addition web is applied.
(2) in (SuSE) Linux OS, the configuration file of Pam is added, pam's defined in the configuration file recognizes Card process.
(3) code by SG-APS commission PAM certifications breaks into jar bags, is added to SG-APS application servers In " modules " catalogue.
(4) in SG-APS configuration files, the security domain that definition passes through pam certifications is such as:" pamreaml ", the safety The authentication codes bag path in domain is the authentication codes bag disposed in " moudules " catalogue.
(5) in web.xml files, pam domains " pamrealm " is configured in web.xml.
(6) it is fixed according to " pamrealm " configuration in web.xml after SG-APS middlewares receive user cipher checking request Pam Validation Codes, the commission of pam Validation Codes are called according to configuration SG-APS to " pamrealm " configuration in SG-APS in position Linux Pam module verification username and passwords.
Followed by, after being verified, access authorization for resource is verified according to web.xml.Specifically, being defined according to Servlet specifications One user role, then, configuration user role accesses the resource pam of management and control, finally, creates user, binds role and resource.
Finally, Authority Verification passes through, and verification process terminates, and user reads URL resources.
It can be seen that, the present embodiment uses HTTP and PAM combination attestations, and multiple safety certification constraints are constrained by individual security closes And to realize.That is, authentication management Web applied, entrusts to the Pam authentication modules of (SuSE) Linux OS, by pam modules Customizability, lifting User logs in and password authentification flexibility ratio.And user authentication process is improved, lift user authentication efficiency
Except this, the present embodiment additionally provides a kind of user authentication device, is applied to application server, as shown in figure 5, described User authentication device includes:
First receiver module 101, for receiving URL request;
Comparing module 102, for comparing whether the URL request authorizes, if not, mark is queried in generation (challenge) and send and include described querying the target information for identifying to client;
Second receiver module 103, for receiving the user that user is based on the (SuSE) Linux OS of target information input Name and encrypted message;
Authentication module 104, for calling PAM authentication modules according to web.xml configurations, is tested by the PAM authentication modules Demonstrate,prove the username and password information;
Sending module 105, for if the verification passes, sending resource corresponding with the URL request to the client.
Preferably, the comparing module includes:Comparing unit, for being configured according to the web.xml, compares the URL Whether request authorizes.The authentication module includes:Dispensing unit and unit is set up, wherein, dispensing unit is used in Linux behaviour Make in system, be pre-configured with the username and password and PAM authentication modules of each client;Unit is set up for setting up the use The incidence relation of name in an account book and password and the PAM authentication modules.
Optionally, the authentication module also includes:
Searching unit, for searching the user name that the user is based on the (SuSE) Linux OS of target information input With the username and password whether encrypted message belongs to each client being pre-configured with, if belonged to, it is determined that checking is logical Cross.
It should be noted that the operation principle of the user authentication device of the present embodiment offer refers to above-mentioned user authentication side The operation principle of method, herein not repeated description.
Except this, the present embodiment additionally provides a kind of customer certification system, including user authentication described in above-mentioned any one Device.
To sum up, a kind of user authen method is the embodiment of the invention provides, by receiving resource download request;Compare described Whether resource download request authorizes, if not, generation is queried and being identified and being sent including the target information for querying mark to visitor Family end;Receive the username and password information that user is based on the (SuSE) Linux OS of target information input;According to default Default authentication module is called in configuration file configuration, and the username and password information is verified by the default authentication module;Such as Fruit is verified, and sends resource corresponding with the resource download request to the client.
Basic the and Digest authentication methods in Http are namely be based on, with reference to the resource authorization management in Servlet specifications, The user management that web is applied and login authentication, entrust to linux system user management and Pam authentication modules;Web applications are not The function of user management and certification is provided.So as to lift the security of user's access, while simplifying web client login authentication Process, lifts verification efficiency.
Finally, in addition it is also necessary to explanation, herein, such as first and second or the like relational terms be used merely to by One entity or operation make a distinction with another entity or operation, and not necessarily require or imply these entities or operation Between there is any this actual relation or order.And, term " including ", "comprising" or its any other variant meaning Covering including for nonexcludability, so that process, method, article or equipment including a series of key elements not only include that A little key elements, but also other key elements including being not expressly set out, or also include for this process, method, article or The intrinsic key element of equipment.In the absence of more restrictions, the key element limited by sentence "including a ...", does not arrange Except also there is other identical element in the process including the key element, method, article or equipment.
Each embodiment is described by the way of progressive in this specification, and what each embodiment was stressed is and other The difference of embodiment, between each embodiment identical similar portion mutually referring to.
The foregoing description of the disclosed embodiments, enables professional and technical personnel in the field to realize or uses the application. Various modifications to these embodiments will be apparent for those skilled in the art, as defined herein General Principle can in other embodiments be realized in the case where spirit herein or scope is not departed from.Therefore, the application The embodiments shown herein is not intended to be limited to, and is to fit to and principles disclosed herein and features of novelty phase one The scope most wide for causing.

Claims (9)

1. a kind of user authen method, it is characterised in that be applied to application server, the user authen method includes:
Receive resource download request;
Compare whether the resource download request authorizes, if not, generation is queried to identify and send queries what is identified including described Target information is to client;
Receive the username and password information that user is based on the (SuSE) Linux OS of target information input;
Default authentication module is called according to the configuration of default configuration file, the user name is verified by the default authentication module And encrypted message;
If the verification passes, resource corresponding with the resource download request to the client is sent.
2. user authen method according to claim 1, it is characterised in that whether the comparison resource download request Authorize, including:
According to the default configuration file, compare whether the resource download request authorizes.
3. user authen method according to claim 1, it is characterised in that described configuration according to default configuration file is adjusted Default authentication module is used, including:
In (SuSE) Linux OS, the username and password and default authentication module of each client are pre-configured with;
Set up the incidence relation of the username and password and the default authentication module.
4. user authen method according to claim 3, it is characterised in that described to be verified by the default authentication module The username and password information, including:
Whether the username and password information for searching the (SuSE) Linux OS that the user is based on target information input belongs to The username and password of each client being pre-configured with, if belonged to, it is determined that be verified.
5. a kind of user authentication device, it is characterised in that be applied to application server, the user authentication device includes:
First receiver module, for receiving resource download request;
Comparing module, for comparing whether the resource download request authorizes, if not, generation query is identified and sent including institute The target information for querying mark is stated to client;
Second receiver module, the user name of (SuSE) Linux OS of target information input and close is based on for receiving user Code information;
Authentication module, for calling default authentication module according to the configuration of default configuration file, by the default authentication module Verify the username and password information;
Sending module, for being verified when described, sends resource corresponding with the resource download request to the client.
6. user authentication device according to claim 5, it is characterised in that the comparing module includes:
Comparing unit, for according to the default configuration file, comparing whether the resource download request authorizes.
7. user authentication device according to claim 5, it is characterised in that the authentication module includes:
Dispensing unit, in (SuSE) Linux OS, being pre-configured with the username and password of each client and described default Authentication module;
Unit is set up, the incidence relation for setting up the username and password and the default authentication module.
8. user authentication device according to claim 5, it is characterised in that the authentication module also includes:
Searching unit, the user name of (SuSE) Linux OS of target information input and close is based on for searching the user Whether code information belongs to the username and password of each client being pre-configured with, if belonged to, it is determined that be verified.
9. a kind of customer certification system, it is characterised in that including user authentication as described in any one as described in claim 5-8 Device.
CN201710192304.6A 2017-03-28 2017-03-28 A kind of user authen method, apparatus and system Pending CN106790308A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710192304.6A CN106790308A (en) 2017-03-28 2017-03-28 A kind of user authen method, apparatus and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710192304.6A CN106790308A (en) 2017-03-28 2017-03-28 A kind of user authen method, apparatus and system

Publications (1)

Publication Number Publication Date
CN106790308A true CN106790308A (en) 2017-05-31

Family

ID=58966571

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710192304.6A Pending CN106790308A (en) 2017-03-28 2017-03-28 A kind of user authen method, apparatus and system

Country Status (1)

Country Link
CN (1) CN106790308A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108664778A (en) * 2018-03-26 2018-10-16 苏州科达科技股份有限公司 Method for authenticating user identity, device and electronic equipment
CN108984069A (en) * 2018-07-26 2018-12-11 深信服科技股份有限公司 A kind of progress control method and system based on linux system

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102065131A (en) * 2010-12-03 2011-05-18 湖南大学 Single-point logging way and logging authentication
CN102457377A (en) * 2011-08-08 2012-05-16 中标软件有限公司 Role-Based Web Remote Authentication and Authorization Method and System
CN103036945A (en) * 2012-11-14 2013-04-10 上海百事通信息技术有限公司 Single sign on system
EP2792104A1 (en) * 2011-12-21 2014-10-22 SSH Communications Security Oyj Automated access, key, certificate, and credential management
CN104580081A (en) * 2013-10-15 2015-04-29 上海申铁信息工程有限公司 Integrated SSO (single sign on) system
US20150205755A1 (en) * 2013-08-05 2015-07-23 RISOFTDEV, Inc. Extensible Media Format System and Methods of Use
CN105657026A (en) * 2016-01-27 2016-06-08 浪潮电子信息产业股份有限公司 Method for realizing cross-domain work of NAS (network attached storage) server

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102065131A (en) * 2010-12-03 2011-05-18 湖南大学 Single-point logging way and logging authentication
CN102457377A (en) * 2011-08-08 2012-05-16 中标软件有限公司 Role-Based Web Remote Authentication and Authorization Method and System
EP2792104A1 (en) * 2011-12-21 2014-10-22 SSH Communications Security Oyj Automated access, key, certificate, and credential management
CN103036945A (en) * 2012-11-14 2013-04-10 上海百事通信息技术有限公司 Single sign on system
US20150205755A1 (en) * 2013-08-05 2015-07-23 RISOFTDEV, Inc. Extensible Media Format System and Methods of Use
CN104580081A (en) * 2013-10-15 2015-04-29 上海申铁信息工程有限公司 Integrated SSO (single sign on) system
CN105657026A (en) * 2016-01-27 2016-06-08 浪潮电子信息产业股份有限公司 Method for realizing cross-domain work of NAS (network attached storage) server

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108664778A (en) * 2018-03-26 2018-10-16 苏州科达科技股份有限公司 Method for authenticating user identity, device and electronic equipment
CN108664778B (en) * 2018-03-26 2021-03-30 苏州科达科技股份有限公司 User identity authentication method and device and electronic equipment
CN108984069A (en) * 2018-07-26 2018-12-11 深信服科技股份有限公司 A kind of progress control method and system based on linux system

Similar Documents

Publication Publication Date Title
AU2019210633B2 (en) Mobile multifactor single-sign-on authentication
CN108200050B (en) Single sign-on server, method and computer readable storage medium
US8751794B2 (en) System and method for secure nework login
KR101302763B1 (en) Method and apparatus for providing trusted single sign-on access to applications and internet-based services
US8495720B2 (en) Method and system for providing multifactor authentication
US9172541B2 (en) System and method for pool-based identity generation and use for service access
US8819416B2 (en) Method and system for modular authentication and session management
CN104021333B (en) Mobile security watch bag
CN104283886B (en) A kind of implementation method of the web secure access based on intelligent terminal local authentication
EP2689372A1 (en) User to user delegation service in a federated identity management environment
WO2015048039A1 (en) Resource locators with keys
CN108810003B (en) Safety verification scheme for multi-service party message access
US9602511B2 (en) User authentication
US11700121B2 (en) Secure authorization for sensitive information
WO2022195301A1 (en) Passwordless login
US11924211B2 (en) Computerized device and method for authenticating a user
CN106790308A (en) A kind of user authen method, apparatus and system
CN109729045A (en) Single-point logging method, system, server and storage medium
WO2022119587A1 (en) Tenant aware mutual tls authentication
US11316843B1 (en) Systems for authenticating users from a separate user interface
JP2014092891A (en) Authentication device, authentication method, and authentication program
Fan et al. Security Research about Asp. net Web Application
JP2016152042A (en) Information processing device, and authentication processing method and program in the same
Hochheiser COSC 617 Advanced Web Development

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170531

RJ01 Rejection of invention patent application after publication