CN109815010A - Cloud platform unified identity authentication method and system - Google Patents

Info

Publication number
CN109815010A
Authority
CN
China
Prior art keywords
client
identity authentication
information
digital certificate
unified identity
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201811638308.3A
Other languages
Chinese (zh)
Inventor
冷迪
刘威
黄建华
陈瑞
吕志宁
庞宁
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Power Supply Bureau Co Ltd
Shenzhen Comtop Information Technology Co Ltd
Original Assignee
Shenzhen Power Supply Bureau Co Ltd
Shenzhen Comtop Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Power Supply Bureau Co Ltd, Shenzhen Comtop Information Technology Co Ltd filed Critical Shenzhen Power Supply Bureau Co Ltd
Priority to CN201811638308.3A priority Critical patent/CN109815010A/en
Publication of CN109815010A publication Critical patent/CN109815010A/en
Pending legal-status Critical Current

Landscapes

  • Information Transfer Between Computers (AREA)

Abstract

The invention provides a cloud platform unified identity authentication method comprising the following steps: constructing a cluster comprising a plurality of unified identity authentication servers and load-balancing the cluster; the unified identity authentication server receives user login information from a client, verifies the user login information, creates a TGT ticket under the configured unified domain name, generates an ST ticket, and returns the ST ticket to the client; the client reads digital certificate information, obtains the user name information/user password, and sends the digital certificate information and the user name information/user password to the unified identity authentication server; the unified identity authentication server determines whether the corresponding digital certificate has expired or been revoked, verifies whether the digital certificate is registered, and also verifies the user identity information corresponding to the user name information/user password. The invention can unify identity management and identity authentication, reduce the management cost of identity authentication, and improve the management efficiency and security of identity authentication.

Description

A cloud platform unified identity authentication method and system
Technical field
The present invention relates to the field of network technology, and in particular to a cloud platform unified identity authentication method and system.
Background
The many applications on the current cloud platform, including applications to be built in the future, need a centralized identity management and identity authentication system. A centralized identity management and authentication system makes it possible to unify the identity management specification and the identity authentication system, which avoids the waste caused by each application building its own authentication system, reduces the cost of identity management, and improves the security of identity authentication.
Summary of the invention
To solve the above technical problem, the present invention provides a cloud platform unified identity authentication method and system that can unify identity management and identity authentication, reduce the management cost of identity authentication, and improve the management efficiency and security of identity authentication.
The cloud platform unified identity authentication method provided by the invention comprises the following steps:
constructing a cluster comprising a plurality of unified identity authentication servers, and load-balancing the cluster;
the unified identity authentication server receives user login information from a client and verifies the user login information; after the user login information passes verification, the server creates a TGT ticket under the configured unified domain name, generates an ST ticket corresponding to the TGT ticket, and returns the ST ticket to the client, so that the client can use the ST ticket for single sign-on under the same domain name of the cluster or for cross-domain single sign-on within the cluster;
the client reads digital certificate information, obtains the user name information/user password corresponding to the digital certificate information, and sends the digital certificate information and the user name information/user password to the unified identity authentication server;
the unified identity authentication server determines from the digital certificate information whether the corresponding digital certificate has expired or been revoked, verifies whether the digital certificate corresponding to the digital certificate information is registered, and also verifies the user identity information corresponding to the user name information/user password.
Preferably, the method further comprises the following steps:
each unified identity authentication server caches the TGT ticket and the ST ticket on a cache server, so that the cache server provides a centrally shared high-availability service for all the unified identity authentication servers;
the sessions between all clients and the unified identity authentication servers are stored in a session management server, so that the sessions are highly available.
Preferably, the method further comprises the following step:
downloading a certificate revocation list from the certificate authority, and determining from the certificate revocation list whether the digital certificate has been revoked.
Preferably, an LDAP account server is used to verify whether the digital certificate corresponding to the digital certificate information is registered, and to verify the user identity information corresponding to the user name information/user password.
Preferably, the client is a Web application client or a C/S application client;
when the client is a Web application client, the client and the unified identity authentication server exchange data over the HTTP/HTTPS protocol;
when the client is a C/S client, the client and the unified identity authentication server exchange data through the API of the unified identity authentication server.
The present invention also provides a cloud platform unified single sign-on system comprising a client, a plurality of unified identity authentication servers, and a cluster construction module, wherein the client includes an authentication information collection module, and the unified identity authentication server includes a single sign-on module and an identity authentication module;
the cluster construction module is used to construct a cluster comprising a plurality of unified identity authentication servers, and to load-balance the cluster;
the single sign-on module is used to receive user login information from the client and verify the user login information; after the user login information passes verification, it creates a TGT ticket under the configured unified domain name, generates an ST ticket corresponding to the TGT ticket, and returns the ST ticket to the client, so that the client can use the ST ticket for single sign-on under the same domain name of the cluster or for cross-domain single sign-on within the cluster;
the authentication information collection module is used to read digital certificate information, obtain the user name information/user password corresponding to the digital certificate information, and send the digital certificate information and the user name information/user password to the unified identity authentication server;
the identity authentication module is used to determine from the digital certificate information whether the corresponding digital certificate has expired or been revoked, to verify whether the digital certificate corresponding to the digital certificate information is registered, and also to verify the user identity information corresponding to the user name information/user password.
Preferably, the unified identity authentication server further includes a ticket cache module, and the client further includes a session cache module;
the ticket cache module is used to cache the TGT ticket and the ST ticket on a cache server, so that the cache server provides a centrally shared high-availability service for all the unified identity authentication servers;
the session cache module is used to store the sessions between all clients and the unified identity authentication servers in a session management server, so that the sessions are highly available.
Preferably, the identity authentication module is also used to download a certificate revocation list from the certificate authority, so as to determine from the certificate revocation list whether the digital certificate has been revoked.
Preferably, the identity authentication module is further used to verify, through an LDAP account server, whether the digital certificate corresponding to the digital certificate information is registered, and to verify the user identity information corresponding to the user name information/user password.
Preferably, the client is a Web application client or a C/S application client;
when the client is a Web application client, the client and the unified identity authentication server exchange data over the HTTP/HTTPS protocol;
when the client is a C/S client, the client and the unified identity authentication server exchange data through the API of the unified identity authentication server.
The invention has the following beneficial effects: it provides the cloud platform with a unified, centralized identity management and identity authentication system. The unified identity authentication server implements both client single sign-on and identity authentication, which makes it possible to unify the identity management specification and the identity authentication system, avoid the waste caused by each application building its own authentication system, reduce the cost of identity management, and improve the security of identity authentication.
Brief description of the drawings
In order to explain the embodiments of the invention or the technical solutions in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of the cloud platform unified identity authentication method provided by the invention.
Fig. 2 is a schematic diagram of the cloud platform unified single sign-on system provided by the invention.
Fig. 3 is a schematic diagram of the unified identity authentication server deployment scheme provided by the invention.
Fig. 4 is a schematic diagram of the main flow of Web application client single sign-on provided by the invention.
Fig. 5 is a schematic diagram of the main flow of cross-domain access by a Web application client provided by the invention.
Fig. 6 is a schematic diagram of the main flow of C/S application client single sign-on provided by the invention.
Fig. 7 is a schematic diagram of the digital certificate authentication flow of a Web application client provided by the invention.
Detailed description of the embodiments
The present invention provides a cloud platform unified identity authentication method which, as shown in Fig. 1, comprises the following steps:
constructing a cluster comprising a plurality of unified identity authentication servers, and load-balancing the cluster;
the unified identity authentication server receives user login information from a client and verifies the user login information; after the user login information passes verification, the server creates a TGT ticket (Ticket Granting Ticket, the login ticket) under the configured unified domain name, generates an ST ticket (Service Ticket) corresponding to the TGT ticket, and returns the ST ticket to the client, so that the client can use the ST ticket for single sign-on under the same domain name of the cluster or for cross-domain single sign-on within the cluster; cross-domain single sign-on here refers to sign-on under a single authentication management;
the client reads digital certificate information, obtains the user name information/user password corresponding to the digital certificate information, and sends the digital certificate information and the user name information/user password to the unified identity authentication server;
the unified identity authentication server determines from the digital certificate information whether the corresponding digital certificate has expired or been revoked, verifies whether the digital certificate corresponding to the digital certificate information is registered, and also verifies the user identity information corresponding to the user name information/user password.
Further, the cloud platform unified identity authentication method comprises the following steps:
each unified identity authentication server caches the TGT ticket and the ST ticket on a cache server, so that the cache server provides a centrally shared high-availability service for all the unified identity authentication servers;
the sessions between all clients and the unified identity authentication servers are stored in a session management server, so that the sessions are highly available.
Further, the cloud platform unified identity authentication method comprises the following step:
downloading a certificate revocation list from the certificate authority, and determining from the certificate revocation list whether the digital certificate has been revoked.
Further, an LDAP (Lightweight Directory Access Protocol) account server is used to verify whether the digital certificate corresponding to the digital certificate information is registered, and to verify the user identity information corresponding to the user name information/user password.
Further, the client is a Web application client or a C/S application client.
When the client is a Web application client, the client and the unified identity authentication server exchange data over the HTTP/HTTPS protocol.
When the client is a C/S client, the client and the unified identity authentication server exchange data through the API (Application Programming Interface) of the unified identity authentication server.
Preferably, the client also provides graphical CAPTCHA verification (human recognition rate of the CAPTCHA ≥ 70%, OCR software recognition rate ≤ 10%) and a Single Sign Out function. The identity authentication described above supports multi-factor authentication: in addition to user password and mobile digital certificate authentication, it can also include Windows domain account authentication and so on.
The unified identity authentication server can also integrate password management functions, including a built-in user password encryption algorithm, a password validity period, password strength checking with pluggable combination-check rules, user password reset, and so on.
Technical requirements such as single sign-on, identity authentication, and user and rights management belong to the unified identity authentication system. Because these functions are relatively independent, this part must be deployable independently, separate from the application systems.
Single sign-on authentication tickets have the following characteristics: they are valid for one use only, with a configurable validity period; they resist forgery, with a configurable policy; and they need not be persisted on the client.
Single sign-on is an independently deployed service that supports centralized user identity authentication and provides single sign-on between applications in different domains; identity authentication verifies the user's true identity from the user name, password or other authentication information the user enters.
Authentication supports non-secure connections or secure connections (SSL), with both one-way and two-way SSL supported. Identity authentication provides measures against the following security problems: network interception, brute-force attacks, dictionary attacks, cookie attacks, credential theft, brute-force resets, and registration and data-submission attacks. Single sign-on is implemented with a mainstream SSO (Single Sign On) solution: CAS (Central Authentication Service).
The unified single sign-on system selects Jasig CAS (a technological constraint) as the key foundation component for single sign-on. CAS is an open-source system developed at Yale University that aims to provide a reliable single sign-on method for Web application systems. Compared with other open-source SSO solutions, CAS has the following advantages:
1. It is an open SSO solution with an advanced design, a sound architecture and simple, easy-to-understand configuration, and it supports proxy functionality;
2. It supports multiple clients such as Java, .NET and PHP, and can be deployed independently;
3. It has relatively complete protocol documentation;
4. It is widely used in industry, technically mature and reliable.
The account server is OpenLDAP, currently the most widely used open-source implementation of LDAP. The graphical CAPTCHA component is Kaptcha. Its advantages over jCaptcha are:
1) Kaptcha is easy to install and use, and outputs a CAPTCHA by default.
2) Kaptcha's CAPTCHA value is associated with the Session, which supports multi-server clusters.
The present invention provides a cloud platform unified single sign-on system comprising a client and a plurality of unified identity authentication servers, as shown in Fig. 2, and a cluster construction module, as shown in Fig. 3, wherein the client includes an authentication information collection module, and the unified identity authentication server includes a single sign-on module and an identity authentication module.
The cluster construction module is used to construct a cluster comprising a plurality of unified identity authentication servers, and to load-balance the cluster.
The single sign-on module is used to receive user login information from the client and verify the user login information; after the user login information passes verification, it creates a TGT ticket under the configured unified domain name, generates an ST ticket corresponding to the TGT ticket, and returns the ST ticket to the client, so that the client can use the ST ticket for single sign-on under the same domain name of the cluster or for cross-domain single sign-on within the cluster.
The authentication information collection module is used to read digital certificate information, obtain the user name information/user password corresponding to the digital certificate information, and send the digital certificate information and the user name information/user password to the unified identity authentication server.
The identity authentication module is used to determine from the digital certificate information whether the corresponding digital certificate has expired or been revoked, to verify whether the digital certificate corresponding to the digital certificate information is registered, and also to verify the user identity information corresponding to the user name information/user password.
Further, the unified identity authentication server includes a ticket cache module, and the client includes a session cache module.
The ticket cache module is used to cache the TGT ticket and the ST ticket on a cache server, so that the cache server provides a centrally shared high-availability service for all the unified identity authentication servers.
The session cache module is used to store the sessions between all clients and the unified identity authentication servers in a session management server, so that the sessions are highly available.
Further, the identity authentication module is also used to download a certificate revocation list from the certificate authority, so as to determine from the certificate revocation list whether the digital certificate has been revoked.
Further, the identity authentication module is used to verify, through an LDAP account server, whether the digital certificate corresponding to the digital certificate information is registered, and to verify the user identity information corresponding to the user name information/user password.
Further, the client is a Web application client or a C/S application client.
When the client is a Web application client, the client and the unified identity authentication server exchange data over the HTTP/HTTPS protocol.
When the client is a C/S client, the client and the unified identity authentication server exchange data through the API of the unified identity authentication server.
Client login for single sign-on is divided into Web application client login and C/S application client login. The client login component acts as a proxy for single sign-on service calls and simplifies integrating single sign-on into an application: once the application installs the client login component and applies some simple configuration, it has single sign-on integrated without any modification to the application itself.
The client login component and the unified identity authentication server interact over the HTTP/HTTPS protocol. The C/S application client obtains the single sign-on TGT/ST and validates tickets through the RESTful API of the CAS Server (that is, the single sign-on module inside the unified identity authentication server).
The SSO sessions of single sign-on are stored in session management, to support centralized management of SSO sessions.
The ticket information of single sign-on is stored centrally by the cache service.
Identity authentication encrypts and saves the user's password through an encryption/decryption algorithm component.
Identity authentication updates the CRL (certificate revocation list) by downloading it from the CA (certificate authority) center.
The unified identity authentication server contains two logic modules, single sign-on and identity authentication. The single sign-on module handles the client's single sign-on and ticket validation requests, and authenticates the user through the identity authentication module.
The identity authentication module calls an account server to perform identity authentication; the account server is an LDAP account server. Passwords modified by users are saved to the LDAP account server.
User management shares extended user information through a database, and identity authentication obtains the user's extended information through a database connection.
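The order of checks performed by the identity authentication module (certificate validity period, CRL, registration in the account server, then user name/password) can be sketched as follows. This is an added example, not code from the patent or from CAS: the in-memory `DIRECTORY` stands in for the LDAP account server, all sample data is constructed, PBKDF2 password hashing and rejecting a stale CRL are assumptions, and certificate chain validation and proof of private-key possession are not modelled.

```python
import hashlib
import hmac
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class CertInfo:
    """The 'digital certificate information' the client submits (modelled)."""
    serial: str
    not_before: datetime
    not_after: datetime


@dataclass(frozen=True)
class Crl:
    """Certificate revocation list as downloaded from the CA (modelled)."""
    revoked_serials: frozenset
    next_update: datetime


def hash_password(password, salt, rounds=100_000):
    # Assumption: the account server stores a salted PBKDF2 hash.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)


def authenticate(cert, user, password, crl, directory, now):
    """Return (ok, reason); the reason is meant for the server's audit log."""
    # 1. Validity period of the certificate.
    if not (cert.not_before <= now <= cert.not_after):
        return False, "certificate_expired_or_not_yet_valid"
    # 2. Revocation. Assumption: a CRL past its next-update time is rejected
    #    instead of being trusted, so a failed download cannot hide a revocation.
    if now > crl.next_update:
        return False, "crl_stale"
    if cert.serial in crl.revoked_serials:
        return False, "certificate_revoked"
    # 3. The certificate must be registered to this user in the account server.
    entry = directory.get(user)
    if entry is None or entry["cert_serial"] != cert.serial:
        return False, "certificate_not_registered"
    # 4. User name/password, compared in constant time.
    candidate = hash_password(password, entry["salt"])
    if not hmac.compare_digest(candidate, entry["pw_hash"]):
        return False, "bad_credentials"
    return True, "ok"


# ---- constructed sample data ----
NOW = datetime(2019, 1, 15, tzinfo=timezone.utc)
SALT = b"constructed-salt"


def _account(serial, password):
    return {"cert_serial": serial, "salt": SALT,
            "pw_hash": hash_password(password, SALT)}


def _cert(serial, days_left):
    return CertInfo(serial, NOW - timedelta(days=365),
                    NOW + timedelta(days=days_left))


DIRECTORY = {  # stands in for the LDAP account server
    "alice": _account("1001", "alice-pass"),
    "bob": _account("1002", "bob-pass"),
    "carol": _account("1003", "carol-pass"),
}
CRL = Crl(frozenset({"1003"}), NOW + timedelta(days=1))


def run_samples():
    stale = Crl(CRL.revoked_serials, NOW - timedelta(hours=1))
    cases = [
        (_cert("1001", 30), "alice", "alice-pass", CRL),    # all checks pass
        (_cert("1002", -1), "bob", "bob-pass", CRL),        # expired yesterday
        (_cert("1003", 30), "carol", "carol-pass", CRL),    # serial is on the CRL
        (_cert("9999", 30), "alice", "alice-pass", CRL),    # not alice's certificate
        (_cert("1001", 30), "alice", "guess", CRL),         # wrong password
        (_cert("1001", 30), "alice", "alice-pass", stale),  # CRL too old
    ]
    return [authenticate(c, u, p, crl, DIRECTORY, NOW)[1]
            for c, u, p, crl in cases]


if __name__ == "__main__":
    for reason in run_samples():
        print(reason)
```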
As shown in Fig. 3, to meet the high-availability requirement that the unified single sign-on system has no single point of failure, the SSO (single sign-on) sessions and tickets must be shared. Two schemes are available, centralized sharing and distributed replication; this system adopts the centralized-sharing high-availability scheme.
The unified identity authentication service runs in cluster mode, with Nginx providing load balancing and failover.
CAS tickets (both TGT tickets and ST tickets) are cached centrally on the cache server, so that CAS tickets are not lost when a single unified identity authentication server fails.
So that CAS tickets are not lost through a single point of failure in the cache server, the cache server itself must provide a high-availability solution.
Because the TGT ticket is stored in the TGT-cookie, the same domain name must be set so that the TGT-cookie generated by any unified identity authentication server in the cluster is visible to all CAS Servers (that is, the single sign-on modules described above) in the cluster. A cookieDomain setting must be added to the ticket generation strategy of warnCookieGenerator and ticketGrantingTicketCookieGenerator and set to the unified domain name, for example by setting the same parent domain name cas.szse.cn for all servers.
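The ticket properties listed earlier (single use, configurable validity period, resistance to forgery) combined with the centrally shared cache can be illustrated with a small model in which any node of the cluster may redeem a ticket issued by another node. This is an added example, not code from the patent or from CAS: the class names, TTL values, service URLs and the account are constructed, and the in-memory cache stands in for the cache server.

```python
import secrets
import time


class SharedTicketCache:
    """Stand-in for the central cache server that every node reads and writes."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._entries = {}  # ticket id -> (expires_at, payload)

    def put(self, ticket_id, payload, ttl):
        self._entries[ticket_id] = (self._clock() + ttl, payload)

    def get(self, ticket_id):
        entry = self._entries.get(ticket_id)
        if entry is None:
            return None
        expires_at, payload = entry
        if self._clock() >= expires_at:
            del self._entries[ticket_id]  # expired tickets are purged on access
            return None
        return payload

    def take(self, ticket_id):
        """Read and delete in one step, so a ticket can be redeemed only once."""
        payload = self.get(ticket_id)
        self._entries.pop(ticket_id, None)
        return payload

    def delete(self, ticket_id):
        self._entries.pop(ticket_id, None)


class AuthNode:
    """One unified identity authentication server in the cluster (modelled)."""

    def __init__(self, cache, check_login, tgt_ttl=8 * 3600, st_ttl=10):
        self._cache = cache
        self._check_login = check_login
        self._tgt_ttl = tgt_ttl  # validity periods are configurable
        self._st_ttl = st_ttl

    def login(self, user, password):
        if not self._check_login(user, password):
            return None
        # Unguessable random identifier: a ticket cannot be forged by guessing.
        tgt = "TGT-" + secrets.token_urlsafe(32)
        self._cache.put(tgt, {"user": user}, self._tgt_ttl)
        return tgt

    def grant_service_ticket(self, tgt, service):
        session = self._cache.get(tgt)
        if session is None:
            return None
        st = "ST-" + secrets.token_urlsafe(32)
        payload = {"user": session["user"], "service": service, "tgt": tgt}
        self._cache.put(st, payload, self._st_ttl)
        return st

    def validate(self, st, service):
        ticket = self._cache.take(st)  # consumed even when validation fails
        if ticket is None or ticket["service"] != service:
            return None
        if self._cache.get(ticket["tgt"]) is None:  # signed out or expired
            return None
        return ticket["user"]

    def logout(self, tgt):  # Single Sign Out
        self._cache.delete(tgt)


def demo():
    now = [0.0]  # manual clock so the expiry case is deterministic
    cache = SharedTicketCache(clock=lambda: now[0])
    users = {"alice": "correct horse battery"}  # constructed account

    def check_login(user, password):
        return user in users and secrets.compare_digest(users[user], password)

    node_a, node_b = AuthNode(cache, check_login), AuthNode(cache, check_login)
    app1, app2 = "https://app1.example.test/", "https://app2.example.test/"

    out = {"bad_password": node_a.login("alice", "wrong")}
    tgt = node_a.login("alice", "correct horse battery")
    st = node_a.grant_service_ticket(tgt, app1)
    out["cross_node"] = node_b.validate(st, app1)  # issued on A, redeemed on B
    out["replay"] = node_b.validate(st, app1)      # second use is refused
    st = node_b.grant_service_ticket(tgt, app1)
    out["wrong_service"] = node_a.validate(st, app2)
    st = node_b.grant_service_ticket(tgt, app2)
    now[0] += 11                                   # past the 10-second ST lifetime
    out["expired"] = node_a.validate(st, app2)
    out["forged"] = node_a.validate("ST-guess", app1)
    st = node_a.grant_service_ticket(tgt, app1)
    node_b.logout(tgt)
    out["after_sign_out"] = node_a.validate(st, app1)
    return out


if __name__ == "__main__":
    print(demo())
```

In a real deployment the read-and-delete in `take` has to be a single atomic operation on the cache server, otherwise two nodes can redeem the same ST concurrently.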
As shown in Figs. 4-7, Fig. 4 shows the main flow of single sign-on, Fig. 5 shows the main flow of cross-domain access by a Web application client, Fig. 6 shows the main flow of C/S application client single sign-on, and Fig. 7 shows the digital certificate authentication flow of a Web application client.
For the tree structure of the LDAP data, it is suggested that every user entry be stored directly under "people" (to avoid structure changes when groups later change), and that user groups be distinguished by adding a simple "ou" attribute to each user entry.
The present invention provides the cloud platform with a unified, centralized identity management and identity authentication system, which makes it possible to unify the identity management specification and the identity authentication system, avoid the waste caused by each application building its own authentication system, reduce the cost of identity management, and improve the security of identity authentication.
The above is a further detailed description of the present invention in connection with specific preferred embodiments, and the specific implementation of the invention is not to be regarded as limited to these descriptions. Those of ordinary skill in the art to which the invention belongs can make a number of simple deductions or substitutions without departing from the inventive concept, and all of these shall be regarded as falling within the protection scope of the invention.

Claims (10)

1. A cloud platform unified identity authentication method, characterized by comprising the following steps:
constructing a cluster comprising a plurality of unified identity authentication servers, and load-balancing the cluster;
the unified identity authentication server receives user login information from a client and verifies the user login information; after the user login information passes verification, the server creates a TGT ticket under the configured unified domain name, generates an ST ticket corresponding to the TGT ticket, and returns the ST ticket to the client, so that the client can use the ST ticket for single sign-on under the same domain name of the cluster or for cross-domain single sign-on within the cluster;
the client reads digital certificate information, obtains the user name information/user password corresponding to the digital certificate information, and sends the digital certificate information and the user name information/user password to the unified identity authentication server;
the unified identity authentication server determines from the digital certificate information whether the corresponding digital certificate has expired or been revoked, verifies whether the digital certificate corresponding to the digital certificate information is registered, and also verifies the user identity information corresponding to the user name information/user password.
2. The cloud platform unified identity authentication method according to claim 1, characterized by further comprising the following steps:
each unified identity authentication server caches the TGT ticket and the ST ticket on a cache server, so that the cache server provides a centrally shared high-availability service for all the unified identity authentication servers;
the sessions between all clients and the unified identity authentication servers are stored in a session management server, so that the sessions are highly available.
3. The cloud platform unified identity authentication method according to claim 1, characterized by further comprising the following step:
downloading a certificate revocation list from the certificate authority, and determining from the certificate revocation list whether the digital certificate has been revoked.
4. The cloud platform unified identity authentication method according to claim 1, characterized in that an LDAP account server is used to verify whether the digital certificate corresponding to the digital certificate information is registered, and to verify the user identity information corresponding to the user name information/user password.
5. The cloud platform unified identity authentication method according to claim 1, characterized in that the client is a Web application client or a C/S application client;
when the client is a Web application client, the client and the unified identity authentication server exchange data over the HTTP/HTTPS protocol;
when the client is a C/S client, the client and the unified identity authentication server exchange data through the API of the unified identity authentication server.
6. a kind of cloud platform unified single sign-on system, which is characterized in that including client and multiple unified identity authentication services Device and cluster building module, wherein the client includes authentication information collection module, the unified identity authentication Server includes single-sign-on module, authentication module;
The cluster building module, for construct include multiple unified identity authentication service devices cluster, and to the cluster Do load balance process;
The single-sign-on module for receiving the user login information from client, and verifies the user login information, After the user login information is verified, TGT bill is created by the unified domain name of setting and is generated and the TGT ticket It is back to the client according to corresponding ST bill, and by the ST bill, so that the client utilizes the ST bill Single-sign-on or the single-point LOG striding domain name under the cluster under the same domain name of the cluster;
The authentication information collection module for reading digital certificate information, and obtains and the digital certificate information pair Username information/the user password answered, and the digital certificate information and the username information/user password are sent to The unified identity authentication service device;
The authentication module, for according to the digital certificate information judge corresponding digital certificate it is whether expired or by Revocation, and verify whether the corresponding digital certificate of the digital certificate information is registered, also verify the username information/use The registered permanent residence enables corresponding subscriber identity information.
7. The cloud platform unified single sign-on system according to claim 6, characterized in that the unified identity authentication server further includes a ticket cache module, and the client further includes a session cache module;
The ticket cache module is configured to cache the TGT ticket and the ST ticket to a cache server, so that the cache server provides a centralized, shared high-availability service for all unified identity authentication servers;
The session cache module is configured to store the sessions between all clients and the unified identity authentication servers in a session management server, so as to achieve high availability of sessions.
8. The cloud platform unified single sign-on system according to claim 6, characterized in that the authentication module is further configured to download a certificate revocation list from the certificate authority, so as to judge through the certificate revocation list whether the digital certificate has been revoked.
9. The cloud platform unified single sign-on system according to claim 6, characterized in that the authentication module is further configured to verify, through LDAP, whether the digital certificate corresponding to the digital certificate information is registered, and to verify the user identity information corresponding to the username information/user password.
10. The cloud platform unified single sign-on system according to claim 6, characterized in that the client is a Web application client or a C/S application client;
When the client is a Web application client, the client and the unified identity authentication server exchange data over the HTTP/HTTPS protocol;
When the client is a C/S client, the client and the unified identity authentication server exchange data through the API interface of the unified identity authentication server.
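
The check order that claims 6, 8 and 9 assign to the authentication module, as an added example that is not part of the patent text. The `CertInfo` model, the in-memory CRL and directory (standing in for the CA's revocation list and the LDAP store), the PBKDF2 hashing and the result strings are assumptions, and all values are constructed.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class CertInfo:
    """Certificate fields sent by the client (hypothetical model)."""
    serial: str
    not_after: datetime


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def _entry(uid: str, password: str) -> dict:
    salt = os.urandom(16)
    return {"uid": uid, "salt": salt, "pw": _hash(password, salt)}


# Constructed data: revoked serials from the CA's CRL, and a directory
# (standing in for LDAP) keyed by registered certificate serial.
CRL_SERIALS = {"0BAD"}
DIRECTORY = {
    "0A01": _entry("alice", "alice-pass"),
    "0A02": _entry("bob", "bob-pass"),
    "0BAD": _entry("carol", "carol-pass"),
}


def authenticate(cert: CertInfo, username: str, password: str,
                 now: datetime) -> str:
    """Return "ok" or the name of the first failed check (login denied)."""
    if now > cert.not_after:
        return "expired"
    if cert.serial in CRL_SERIALS:
        return "revoked"
    entry = DIRECTORY.get(cert.serial)
    if entry is None:
        return "unregistered"
    # The password must belong to the user this certificate is registered
    # to; a valid certificate plus someone else's valid login is rejected.
    if entry["uid"] != username:
        return "identity-mismatch"
    if not hmac.compare_digest(entry["pw"], _hash(password, entry["salt"])):
        return "bad-credentials"
    return "ok"
```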
CN201811638308.3A 2018-12-29 2018-12-29 Cloud platform unified identity authentication method and system Pending CN109815010A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811638308.3A CN109815010A (en) 2018-12-29 2018-12-29 Cloud platform unified identity authentication method and system

Publications (1)

Publication Number Publication Date
CN109815010A true CN109815010A (en) 2019-05-28

Family

ID=66602989

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811638308.3A Pending CN109815010A (en) 2018-12-29 2018-12-29 Cloud platform unified identity authentication method and system

Country Status (1)

Country Link
CN (1) CN109815010A (en)

Cited By (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110381077A (en) * 2019-07-26 2019-10-25 中国工商银行股份有限公司 For the treating method and apparatus of digital certificate
CN110830512A (en) * 2019-12-10 2020-02-21 宝付网络科技(上海)有限公司 Multi-platform unified authentication system based on domain account
CN110881039A (en) * 2019-11-27 2020-03-13 杭州安恒信息技术股份有限公司 A cloud security management system
CN110891067A (en) * 2019-12-10 2020-03-17 成都工业学院 A revocable multi-server privacy protection authentication method and system
CN111062023A (en) * 2019-11-26 2020-04-24 深圳市思迪信息技术股份有限公司 Method and device for realizing single sign-on of multiple application systems
CN111107105A (en) * 2019-12-31 2020-05-05 厦门中控智慧信息技术有限公司 Identity authentication system and identity authentication method thereof
CN111241504A (en) * 2020-01-16 2020-06-05 远景智能国际私人投资有限公司 Identity authentication method and device, electronic equipment and storage medium
CN111310132A (en) * 2020-02-24 2020-06-19 山东爱城市网信息技术有限公司 Cluster certificate authentication method based on java development
CN111600837A (en) * 2020-04-08 2020-08-28 曙光信息产业(北京)有限公司 Login management system and method based on multi-data center cloud management platform
CN111600884A (en) * 2020-05-15 2020-08-28 北京光润通科技发展有限公司 Network authentication smart card and method
CN111859362A (en) * 2020-06-09 2020-10-30 中国科学院数据与通信保护研究教育中心 A multi-level identity authentication method and electronic device in a mobile environment
CN113132365A (en) * 2021-04-07 2021-07-16 武汉光庭信息技术股份有限公司 Communication security protection method and system of vehicle-mounted T-Box
CN113162921A (en) * 2021-04-07 2021-07-23 武汉光庭信息技术股份有限公司 Communication safety protection method, server and system for intelligent cabin
CN113343273A (en) * 2021-06-30 2021-09-03 重庆渝高科技产业(集团)股份有限公司 User login method, first server and computer readable storage medium
CN114757682A (en) * 2022-03-25 2022-07-15 深圳市莱帝亚软件有限公司 Digital certificate authentication method and corresponding terminal, system and storage device
CN115150105A (en) * 2022-09-01 2022-10-04 杭州悦数科技有限公司 Identity authentication method and system in distributed graph database
CN115459954A (en) * 2022-08-10 2022-12-09 国家电网有限公司客户服务中心 Authentication method of system and related equipment
CN116319047A (en) * 2023-04-06 2023-06-23 内蒙古常盛制药有限公司 A visitor system and visitor system encryption extension method
CN116488828A (en) * 2023-05-15 2023-07-25 合芯科技(苏州)有限公司 A unified authentication method for automatic deployment of heterogeneous clusters
US11770372B2 (en) 2020-07-28 2023-09-26 Hewlett Packard Enterprise Development Lp Unified identity and access management (IAM) control plane for services associated with a hybrid cloud
CN117319087A (en) * 2023-11-28 2023-12-29 北京车与车科技有限公司 Single sign-on method, device and storage medium based on centralized authentication service

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101588390A (en) * 2009-06-24 2009-11-25 杭州华三通信技术有限公司 Method for Improving Business Stickiness of Centralized Authentication Service System and Load Balancing Equipment
CN103490881A (en) * 2013-09-06 2014-01-01 广东数字证书认证中心有限公司 Authentication service system, user authentication method, and authentication information processing method and system
CN106878024A (en) * 2017-03-08 2017-06-20 北京科摩仕捷科技有限公司 A kind of checking code check method and system based on caching
CN106921678A (en) * 2017-04-27 2017-07-04 中国舰船研究设计中心 A kind of unified safety authentication platform of the carrier-borne information system of integrated isomery
CN107483491A (en) * 2017-09-19 2017-12-15 山东大学 An access control method for distributed storage in cloud environment

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
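杨冬菊 et al.: "Research on a cache-based optimization mechanism for distributed unified identity authentication", 《计算机科学》 (Computer Science) *
潘娟: "Design and implementation of single sign-on for enterprise application systems based on CAS", 《中国优秀硕士学位论文全文数据库信息科技辑》 (China Master's Theses Full-text Database, Information Science and Technology) *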

Cited By (27)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110381077A (en) * 2019-07-26 2019-10-25 中国工商银行股份有限公司 For the treating method and apparatus of digital certificate
CN111062023A (en) * 2019-11-26 2020-04-24 深圳市思迪信息技术股份有限公司 Method and device for realizing single sign-on of multiple application systems
CN111062023B (en) * 2019-11-26 2024-04-30 深圳市思迪信息技术股份有限公司 Method and device for realizing single sign-on of multi-application system
CN110881039A (en) * 2019-11-27 2020-03-13 杭州安恒信息技术股份有限公司 A cloud security management system
CN110881039B (en) * 2019-11-27 2022-06-21 杭州安恒信息技术股份有限公司 A cloud security management system
CN110830512A (en) * 2019-12-10 2020-02-21 宝付网络科技(上海)有限公司 Multi-platform unified authentication system based on domain account
CN110891067A (en) * 2019-12-10 2020-03-17 成都工业学院 A revocable multi-server privacy protection authentication method and system
CN111107105A (en) * 2019-12-31 2020-05-05 厦门中控智慧信息技术有限公司 Identity authentication system and identity authentication method thereof
CN111241504B (en) * 2020-01-16 2024-01-05 远景智能国际私人投资有限公司 Identity verification method, device, electronic equipment and storage medium
CN111241504A (en) * 2020-01-16 2020-06-05 远景智能国际私人投资有限公司 Identity authentication method and device, electronic equipment and storage medium
CN111310132A (en) * 2020-02-24 2020-06-19 山东爱城市网信息技术有限公司 Cluster certificate authentication method based on java development
CN111600837A (en) * 2020-04-08 2020-08-28 曙光信息产业(北京)有限公司 Login management system and method based on multi-data center cloud management platform
CN111600884A (en) * 2020-05-15 2020-08-28 北京光润通科技发展有限公司 Network authentication smart card and method
CN111859362A (en) * 2020-06-09 2020-10-30 中国科学院数据与通信保护研究教育中心 A multi-level identity authentication method and electronic device in a mobile environment
US12074862B2 (en) 2020-07-28 2024-08-27 Hewlett Packard Enterprise Development Lp Unified identity and access management (IAM) control plane for services associated with a hybrid cloud
US11770372B2 (en) 2020-07-28 2023-09-26 Hewlett Packard Enterprise Development Lp Unified identity and access management (IAM) control plane for services associated with a hybrid cloud
CN113162921A (en) * 2021-04-07 2021-07-23 武汉光庭信息技术股份有限公司 Communication safety protection method, server and system for intelligent cabin
CN113132365A (en) * 2021-04-07 2021-07-16 武汉光庭信息技术股份有限公司 Communication security protection method and system of vehicle-mounted T-Box
CN113343273A (en) * 2021-06-30 2021-09-03 重庆渝高科技产业(集团)股份有限公司 User login method, first server and computer readable storage medium
CN114757682A (en) * 2022-03-25 2022-07-15 深圳市莱帝亚软件有限公司 Digital certificate authentication method and corresponding terminal, system and storage device
CN115459954A (en) * 2022-08-10 2022-12-09 国家电网有限公司客户服务中心 Authentication method of system and related equipment
CN115150105A (en) * 2022-09-01 2022-10-04 杭州悦数科技有限公司 Identity authentication method and system in distributed graph database
CN116319047A (en) * 2023-04-06 2023-06-23 内蒙古常盛制药有限公司 A visitor system and visitor system encryption extension method
CN116488828A (en) * 2023-05-15 2023-07-25 合芯科技(苏州)有限公司 A unified authentication method for automatic deployment of heterogeneous clusters
CN116488828B (en) * 2023-05-15 2024-01-23 合芯科技(苏州)有限公司 Automatic deployment heterogeneous cluster unified authentication method
CN117319087A (en) * 2023-11-28 2023-12-29 北京车与车科技有限公司 Single sign-on method, device and storage medium based on centralized authentication service
CN117319087B (en) * 2023-11-28 2024-02-27 北京车与车科技有限公司 Single sign-on method, device and storage medium based on centralized authentication service

Similar Documents

Publication Publication Date Title
CN109815010A (en) Cloud platform unified identity authentication method and system
CN110268678B (en) PKI-based login method for authentication agent user and server using same
US8151317B2 (en) Method and system for policy-based initiation of federation management
KR102254499B1 (en) Method for oauth service through blockchain, and terminal and server using the same
US8621206B2 (en) Authority-neutral certification for multiple-authority PKI environments
US6668322B1 (en) Access management system and method employing secure credentials
US10270741B2 (en) Personal authentication and access
CN110535851A (en) A kind of customer certification system based on oauth2 agreement
CN109347799B (en) A kind of identity information management method and system based on block chain technology
US9825938B2 (en) System and method for managing certificate based secure network access with a certificate having a buffer period prior to expiration
US8407464B2 (en) Techniques for using AAA services for certificate validation and authorization
US7512782B2 (en) Method and system for using a web service license
US20080263644A1 (en) Federated authorization for distributed computing
CN110891060A (en) Unified authentication system based on multi-service system integration
US20210084020A1 (en) System and method for identity and authorization management
CN103152179A (en) Uniform identity authentication method suitable for multiple application systems
US20170104748A1 (en) System and method for managing network access with a certificate having soft expiration
CN102655494A (en) SAML (Security Assertion Markup Language)-based authentication platform designed in single log-in mode
KR102252086B1 (en) Method for oauth service through blockchain, and terminal and server using the same
Hu et al. Security analysis of an attractive online authentication standard: FIDO UAF protocol
CN109067785A (en) Cluster authentication method, device
US20240430096A1 (en) Distribution of one-time passwords for multi-factor authentication via blockchain
CN118802159B (en) Authentication and authorization method, device, electronic equipment, storage medium and product
KR20200112769A (en) Method for oauth service through blockchain, and terminal and server using the same
CN106603547B (en) Unified login method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
Application publication date: 20190528