CN112929388B - Network identity cross-device application fast authentication method and system, user agent device - Google Patents

Info

Publication number
CN112929388B
Authority
CN
China
Prior art keywords
terminal extension
authentication
internet terminal
server
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110259933.2A
Other languages
Chinese (zh)
Other versions
CN112929388A (en)
Inventor
刘文印
吴泽楷
林禄滨
王凯
凡帅
戚宗城
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong University of Technology
Original Assignee
Guangdong University of Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangdong University of Technology
Priority to CN202110259933.2A
Publication of CN112929388A
Application granted
Publication of CN112929388B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0884 Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention discloses a method and a system for fast cross-device application authentication of network identity, and a user agent device. The method comprises the following steps: acquiring an Internet terminal extension identifier; sending an authentication request to a website server according to prestored target website identity information and registration information to acquire authentication request feedback information, or forwarding the target website identity information and the registration information through a trusted server agent/terminal extension server; and sending the authentication request feedback information, or the target website identity information and the registration information, to the Internet terminal extension corresponding to the Internet terminal extension identifier, so that the Internet terminal extension uses the authentication request feedback information, or the target website identity information and the registration information, to send an authentication request to the website server and complete the authentication operation. With this technical scheme the method is safer and more convenient and needs fewer operating steps: a login command can be issued from the Login Easy App so that a web page or application is opened on another computer or mobile phone and the relevant account is logged in successfully.

Description

Network identity cross-device application fast authentication method and system, user agent device

Technical field

The present invention relates to the technical field of information security, and more specifically to a method and system for fast cross-device application authentication of network identity, and a user agent device.

Background

With the expansion of the Internet and growing user demand, the development of cyberspace brings convenience and speed but also new challenges for individuals. The traditional character-based "username-password" network identity authentication management mechanism has become the current mainstream mechanism because it is simple to use, reliable, easy to deploy, and low in cost.

However, a single user now has to register network identities on multiple websites and manage them all at the same time, and may therefore be exposed to a series of serious network security threats such as password fatigue, phishing scams, and credential stuffing attacks.

For example, a user has registered network identities on multiple websites. To improve security, different network identities need different usernames and passwords. The user therefore has to memorize many usernames and passwords at the same time, which easily leads to confusion among them and a very poor user experience. This is the so-called "password fatigue" problem. Moreover, when the user wants to access several web applications at once, the user has to open several URLs and enter the corresponding username and password at each one. This process not only causes the "password fatigue" problem described above but also reduces the user's productivity.

For convenience, most users choose the same or similar usernames and share one password, which is easy to remember but less secure. Once one account is stolen, all accounts are at risk of being leaked. Hackers can illegally obtain a large amount of user network identity information by trying to log in with already leaked identity information or common passwords. This is the so-called "credential stuffing" attack.

Therefore, how to improve the security and convenience of network identity authentication while avoiding password fatigue is a problem to be solved by those skilled in the art.

Summary of the invention

The purpose of the present invention is to provide a fast cross-device application authentication method and system for network identity, and a user agent device, which are safer and more convenient and need fewer operating steps: a login command can be issued from the Login Easy App so that a web page or application is opened on another computer or mobile phone and the relevant account is logged in successfully.

To achieve the above purpose, the present invention adopts the following technical solutions:

A fast cross-device application authentication method for network identity, comprising:

the user agent obtains the Internet terminal extension identifier;

according to the pre-stored target website identity information and registration information, an authentication request is sent to the website server to obtain authentication request feedback information, or the target website identity information and registration information are forwarded through the trusted server agent/terminal extension server;

the authentication request feedback information, or the target website identity information and registration information, is sent to the Internet terminal extension corresponding to the Internet terminal extension identifier, so that the Internet terminal extension uses the authentication request feedback information, or the target website identity information and registration information, to send an authentication request to the website server and complete the authentication operation.

Preferably, sending the authentication request feedback information to the Internet terminal extension corresponding to the Internet terminal extension identifier includes:

the user agent sends the target website identity information, the registration information and the Internet terminal extension identifier to the trusted server agent;

the trusted server agent sends an authentication request to the website server according to the pre-stored target website identity information and registration information to obtain the authentication request feedback information;

the trusted server agent sends the authentication request feedback information and the pre-stored authentication verification callback address to the Internet terminal extension corresponding to the Internet terminal extension identifier, so that the Internet terminal extension sends an authentication request to the website server to complete the authentication operation.

Preferably, sending the authentication request feedback information to the Internet terminal extension corresponding to the Internet terminal extension identifier includes:

the user agent sends an authentication request carrying the target website identity information and registration information to the website server to obtain the authentication request feedback information;

the user agent sends the authentication request feedback information to the Internet terminal extension corresponding to the Internet terminal extension identifier, so that the Internet terminal extension sends an authentication request to the website server to complete the authentication operation.

Preferably, sending the target website identity information and registration information to the Internet terminal extension corresponding to the Internet terminal extension identifier includes:

the user agent sends the target website identity information, the registration information and the Internet terminal extension identifier to the trusted server agent or the terminal extension server;

the trusted server agent or the terminal extension server sends the target website identity information, the registration information and the pre-stored authentication verification callback address to the Internet terminal extension corresponding to the Internet terminal extension identifier, so that the Internet terminal extension sends an authentication request to the website server to complete the authentication operation.

Preferably, sending the authentication request feedback information to the Internet terminal extension corresponding to the Internet terminal extension identifier includes:

the user agent sends the target website identity information, the registration information and the Internet terminal extension identifier to the trusted server agent;

the Internet terminal extension, on observing a request from the trusted server agent that it is listening for, sends the random number state it has generated to the trusted server agent;

the trusted server agent sends an authentication request to the website server according to the pre-stored target website identity information, the registration information and the random number state to obtain the authentication request feedback information;

the trusted server agent sends the authentication request feedback information and the pre-stored authentication verification callback address to the Internet terminal extension corresponding to the Internet terminal extension identifier, so that the Internet terminal extension sends an authentication request to the website server to complete the authentication operation.

Preferably, obtaining the Internet terminal extension identifier includes:

the user logs in to/activates the user agent with the master password;

the Internet terminal extension generates a temporary unique UUID, waits for the user agent's authorization request, and then sends the UUID to the user agent and the terminal extension server;

after receiving the UUID sent by the Internet terminal extension, the user agent forwards it to the terminal extension server, which performs the UUID check;

the terminal extension server identifies and matches the UUIDs obtained from the Internet terminal extension and from the user agent; if they match, it generates the Internet terminal extension identifier from the UUID and returns it to the user agent.

Preferably, obtaining the Internet terminal extension identifier includes:

the user logs in to/activates the user agent with the master password, and the user_id is recorded;

the Internet terminal extension generates a temporary unique UUID, waits for the user agent's authorization request, then sends the UUID to the user agent and the terminal extension server, and records the user_id sent by the user agent when it authorizes;

the terminal extension server receives the UUID sent by the Internet terminal extension, records the extension's unique identifier, and establishes a mapping between the UUID and the extension's unique identifier;

the user agent receives the UUID sent by the Internet terminal extension and sends the user_id and the UUID to the terminal extension server, which performs the UUID check;

the terminal extension server receives the user_id and UUID sent by the user agent, and identifies and matches the UUIDs obtained from the Internet terminal extension and from the user agent; if they match, it establishes a mapping between the user_id and the extension's unique identifier, deletes the mapping between the UUID and the extension's unique identifier created in the first step, and expires the UUID;

when the user agent wants to perform an authentication operation, it sends the user_id to the terminal extension server, which looks up the mapping between the user_id and the extension's unique identifier; if the lookup succeeds, it returns the Internet terminal extension identifier to the user agent.
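
The second identifier-acquisition variant above (the one that records user_id), as an added Python example that is not part of the patent text. The class and method names, the 120-second lifetime, the in-memory dictionaries, the sample identifiers, and the choice to return the extension's unique identifier as the Internet terminal extension identifier are assumptions made for illustration; the patent specifies only the order of the messages and that the UUID is expired after a successful match.

```python
"""Sketch of the UUID pairing flow between extension, user agent and server.

All names, the TTL and the storage model are assumptions for this example.
"""
import time
import uuid


class PairingError(Exception):
    """Raised when a pairing UUID is unknown, expired or already used."""


class TerminalExtensionServer:
    def __init__(self, ttl_seconds=120.0, clock=time.monotonic):
        self._pending = {}  # pairing UUID -> (extension unique id, deadline)
        self._bound = {}    # user_id -> extension unique id
        self._ttl = ttl_seconds
        self._clock = clock

    def register_uuid(self, pairing_uuid, extension_id):
        """Extension -> server: record the UUID and the extension's unique id."""
        if pairing_uuid in self._pending:
            raise PairingError("UUID already registered")
        self._pending[pairing_uuid] = (extension_id, self._clock() + self._ttl)

    def confirm(self, user_id, pairing_uuid):
        """User agent -> server: match the UUID, then bind user_id to the extension."""
        # pop() deletes the UUID mapping on the first use, so the UUID is
        # single-use whether or not the remaining checks pass.
        entry = self._pending.pop(pairing_uuid, None)
        if entry is None:
            raise PairingError("unknown or already used UUID")
        extension_id, deadline = entry
        if self._clock() > deadline:  # lifetime check is an added assumption
            raise PairingError("UUID expired")
        self._bound[user_id] = extension_id
        return extension_id

    def lookup(self, user_id):
        """User agent -> server, before each authentication operation."""
        if user_id not in self._bound:
            raise PairingError("no extension bound to this user_id")
        return self._bound[user_id]


class InternetTerminalExtension:
    def __init__(self, extension_id, server):
        self.extension_id = extension_id
        self.authorized_user_id = None
        self._server = server

    def on_authorization_request(self, user_id):
        """User agent asks to pair: send a fresh UUID to it and to the server."""
        pairing_uuid = str(uuid.uuid4())   # temporary, randomly generated
        self.authorized_user_id = user_id  # recorded, as the text describes
        self._server.register_uuid(pairing_uuid, self.extension_id)
        return pairing_uuid


def run_pairing_demo():
    """Constructed scenario: one accepted pairing and two rejected ones."""
    now = [0.0]  # fake clock so the expiry case is deterministic
    server = TerminalExtensionServer(ttl_seconds=120.0, clock=lambda: now[0])
    ext = InternetTerminalExtension("ext-desktop-01", server)  # constructed id
    results = {}

    first = ext.on_authorization_request("user-42")
    results["bound"] = server.confirm("user-42", first)
    results["lookup"] = server.lookup("user-42")

    # The same UUID presented again, under a different user_id, is refused.
    try:
        server.confirm("user-99", first)
        results["replay"] = "accepted"
    except PairingError as exc:
        results["replay"] = str(exc)

    # A UUID confirmed after its lifetime has passed is refused.
    late = ext.on_authorization_request("user-42")
    now[0] += 121.0
    try:
        server.confirm("user-42", late)
        results["late"] = "accepted"
    except PairingError as exc:
        results["late"] = str(exc)
    return results


if __name__ == "__main__":
    for name, value in run_pairing_demo().items():
        print(f"{name}: {value}")
```

Because the user_id to extension mapping decides which browser later receives credentials or tokens, the single-use and lifetime checks on the UUID are what keep a stale or replayed pairing value from rebinding an account to a different extension.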

Preferably, the user agent sends the pre-stored accessible address of the target website to the Internet terminal extension, so that the Internet terminal extension can open a new page window for the target website.

Preferably, the Internet terminal extension listens for requests from the trusted server agent and receives the authentication request feedback information and the pre-stored authentication verification callback address.

Preferably, the authentication request feedback information includes login authentication feedback information and a token that can be used to verify the login authorization status, where the token is the identification token with which the website server verifies whether the user has logged in and been authorized.

Preferably, the Internet terminal extension listens for requests from the trusted server agent or the terminal extension server and receives the target website identity information, the registration information and the pre-stored authentication verification callback address.

The present invention also provides a fast cross-device application authentication system for network identity, including:

an acquisition module, used by the user agent to obtain the Internet terminal extension identifier;

a processing module, configured to send an authentication request to the website server according to the pre-stored target website identity information and registration information to obtain an authentication request feedback token, or to forward the target website identity information and registration information through the trusted server agent/terminal extension server;

an authentication module, configured to send the authentication request feedback information, or the target website identity information and registration information, to the Internet terminal extension corresponding to the Internet terminal extension identifier, so that the Internet terminal extension uses the authentication request feedback information, or the target website identity information and registration information, to send an authentication request to the website server and complete the authentication operation.

Preferably, the authentication module is configured to: send, through the trusted server agent, an authentication request to the website server according to the identity information and the registration information to obtain the authentication request feedback information, and send the authentication request feedback information and the pre-stored authentication verification callback address to the Internet terminal extension corresponding to the Internet terminal extension identifier, so that the Internet terminal extension sends an authentication request to the website server to complete the authentication operation.

Preferably, the authentication module is configured to: send an authentication request carrying the identity information and the registration information to the website server to obtain the authentication request feedback information, and send the authentication request feedback information to the Internet terminal extension corresponding to the Internet terminal extension identifier, so that the Internet terminal extension sends an authentication request to the website server to complete the authentication operation.

Preferably, the authentication module is configured to: send the target website identity information, the registration information and the extension identifier to the trusted server agent or the terminal extension server, and forward the target website identity information and registration information to the Internet terminal extension corresponding to the Internet terminal extension identifier, so that the Internet terminal extension sends an authentication request to the website server to complete the authentication operation.

The present invention also provides a user agent device, including:

a memory for storing a network identity authentication program;

a processor, configured to implement the fast cross-device application authentication method for network identity when executing the network identity authentication program.

The present invention also provides a computer-readable storage medium on which a network identity authentication program is stored; when the network identity authentication program is executed by a processor, it implements the fast cross-device application authentication method for network identity.

With the fast cross-device application authentication method, system and user agent device of the present invention, the user agent can store in advance, for each target website the user needs to log in to or register on, the accessible address of the target website and the authentication identity information required to access it, such as the username and password. The user does not need to remember the addresses, usernames and passwords of these target websites. When the user needs to register on or log in to a target website, there is no need to download an application from the target website: the authentication request is activated directly through the user agent, the server agent sends the network identity information directly to the website server for authentication processing, and the Internet terminal extension quickly opens the target website page and completes the authentication operation automatically.

Brief description of the drawings

To explain the technical solutions in the embodiments of the present invention or in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from them without creative work.

Fig. 1 is a flow chart of the fast cross-device application authentication method for network identity according to an embodiment of the present invention;

Fig. 2 is a schematic diagram of a preferred mode of the fast cross-device application authentication method for network identity according to an embodiment of the present invention;

Fig. 3 is a schematic diagram of another preferred mode of the fast cross-device application authentication method for network identity according to an embodiment of the present invention;

Fig. 4 is a schematic diagram of a further preferred mode of the fast cross-device application authentication method for network identity according to an embodiment of the present invention;

Fig. 5 is a schematic diagram of yet another preferred mode of the fast cross-device application authentication method for network identity according to an embodiment of the present invention;

Fig. 6 is a schematic diagram of yet another preferred mode of the fast cross-device application authentication method for network identity according to an embodiment of the present invention;

Fig. 7 is a flow chart of obtaining the Internet terminal extension identifier according to an embodiment of the present invention;

Fig. 8 is a schematic structural diagram of the fast cross-device application authentication system for network identity according to an embodiment of the present invention.

Detailed description

The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by persons of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.

如图1所示,一种网络身份跨设备应用快速认证方法,用户可以在避免密码疲劳的前提下,快速自动新建应用页面窗口,完成登录、注册等网络身份认证请求操作,在提高了网络身份安全性的同时提高工作效率,包括:As shown in Figure 1, a fast authentication method for cross-device network identity applications allows users to quickly and automatically create new application page windows and complete network identity authentication request operations such as login and registration without password fatigue. Increase productivity while maintaining security, including:

步骤S1、用户代理获取上网终端扩展标识;Step S1, the user agent obtains the extended identifier of the Internet access terminal;

步骤S2、根据预存的目标网站身份信息和注册信息向网站服务器发送认证请求以获取认证请求反馈信息,或者通过可信服务器代理/终端扩展服务器转发目标网站身份信息和注册信息;Step S2, sending an authentication request to the website server to obtain authentication request feedback information according to the pre-stored target website identity information and registration information, or forwarding the target website identity information and registration information through the trusted server proxy/terminal extension server;

步骤S3、将认证请求反馈信息、或者目标网站身份信息和注册信息发送至所述上网终端扩展标识相对应的上网终端扩展,以便所述上网终端扩展利用所述认证请求反馈信息、或者目标网站身份信息和注册信息向网站服务器发送认证请求完成认证操作;其中,所述网站服务器为用户欲要访问目标网址的网站服务器。Step S3: Send the authentication request feedback information, or the target website identity information and registration information to the Internet terminal extension corresponding to the Internet terminal extension identifier, so that the Internet terminal extension can use the authentication request feedback information or the target website identity information and registration information to send an authentication request to the website server to complete the authentication operation; wherein, the website server is the website server that the user wants to visit the target website.

本发明实施例提供的网络身份跨设备应用快速认证的方法,用户代理可以为用户在每一个需要登录或注册的目标网站事先存储目标网站身份信息和注册信息。所述目标网站身份信息包括可访问地址,和/或以下部分或全部:网站或应用的服务器地址,IP地址,端口,域名,URL,URI等。所诉注册信息包括用户访问该网站所需要的认证身份信息,如用户名和密码。用户不需要记住这些目标网站的地址、用户名和密码,在需要注册或登录目标网站时,不需要从目标网站下载所需应用程序,直接通过用户代理触发或激活认证请求,由服务器代理直接将注册信息发送至网站服务器执行认证处理,借由上网终端扩展快速打开目标网站页面并自动完成认证操作。The embodiment of the present invention provides a network identity cross-device application fast authentication method, and the user agent can store target website identity information and registration information for each target website that needs to log in or register for the user. The target website identity information includes an accessible address, and/or part or all of the following: server address, IP address, port, domain name, URL, URI, etc. of the website or application. The registration information mentioned includes the authentication identity information required by the user to access the website, such as user name and password. Users do not need to remember the addresses, user names and passwords of these target websites. When they need to register or log in to the target website, they do not need to download the required application program from the target website, and directly trigger or activate the authentication request through the user agent, and the server agent directly sends the The registration information is sent to the website server for authentication processing, and the target website page is quickly opened through the Internet terminal extension and the authentication operation is automatically completed.

本发明实施例中,用户代理事先存储目标网站的可访问地址,目标网站的身份信息或事先根据目标网站的注册规则自动生成目标网站的注册信息;所述注册信息可以包括登录该目标网站的用户名和密码。所述身份信息包括用户会话信息等。可访问地址包括可以通过具体应用直接访问到目标网站的网络地址等;In the embodiment of the present invention, the user agent stores the accessible address of the target website in advance, the identity information of the target website or automatically generates the registration information of the target website in advance according to the registration rules of the target website; the registration information may include the users who log in to the target website name and password. The identity information includes user session information and the like. Accessible addresses include network addresses that can directly access the target website through specific applications;

需要说明的是,用户代理是一个可以被用户信任,帮助用户自动生成账户信息的计算机系统。每个用户可以授权多个用户代理,但一个用户代理只能为一个用户服务。用户可以事先授权并激活用户代理,通过用户代理事先存储目标网站的可访问地址、注册信息以及身份信息。用户授权用户代理存储上述认证信息存在多种方式,在此不作具体限定,本领域技术人员可以根据实际情况灵活选择。例如,用户代理可以根据目标网站的注册规则代替用户自动完成账户信息(即用户名和密码)的生成。用户也可以结合自己的实际需求在用户代理中添加新注册的账号或是删除曾经注册过的旧账号并实现在云端及多个用户代理之间备份和同步。It should be noted that a user agent is a computer system that can be trusted by users and helps users automatically generate account information. Each user can authorize multiple user agents, but one user agent can only serve one user. The user can authorize and activate the user agent in advance, and store the accessible address, registration information and identity information of the target website in advance through the user agent. There are many ways for the user to authorize the user agent to store the above authentication information, which are not specifically limited here, and those skilled in the art can choose flexibly according to the actual situation. For example, the user agent can automatically complete the generation of account information (ie, username and password) on behalf of the user according to the registration rules of the target website. Users can also add new registered accounts in the user agent or delete old registered accounts according to their actual needs, and realize backup and synchronization between the cloud and multiple user agents.

This step is the initiating step of this embodiment; it assumes by default that the user agent has already been authorized and activated by the user. The user can activate the user agent in many ways, which are not specifically limited here. For example, the user can set a master password for the user agent and activate it by entering the master password. As another example, the user can activate the user agent by presenting an already authorized biometric, which may include the user's iris information, fingerprint information, audio information and so on; this is not specifically limited here.

The Internet terminal extension identifier is a unique token, generated by the Internet terminal extension, that uniquely identifies that terminal extension. All interaction with the Internet terminal extension in the subsequent steps relies on this unique identifier for session verification.

As shown in Figure 2, in a preferred implementation of the present invention, sending the authentication request feedback information to the Internet terminal extension corresponding to the Internet terminal extension identifier includes:

The user agent sends the target website identity information, the registration information and the Internet terminal extension identifier to the trusted server agent;

The trusted server agent sends an authentication request to the website server according to the pre-stored target website identity information and registration information, to obtain the authentication request feedback information. Specifically: in a specific implementation, the role of the trusted server agent is to send the authentication request to the website server; this request can be a registration request or a login request. If authentication succeeds, the website server returns an authentication request feedback token to the trusted server agent; if authentication fails, a reasonable error response is returned, and the trusted server agent informs the user agent. The website server can generate the authentication request feedback token in many ways, which are not specifically limited here, and those skilled in the art can choose flexibly according to the actual situation. For example, the token can be a unique session identifier (session ID) generated by the website server, a globally unique identifier generated with the UUID method, or token ciphertext generated with an encryption algorithm such as RSA, in order to establish a more complete security mechanism.

The trusted server agent sends the authentication request feedback information and the pre-stored authentication verification callback address to the Internet terminal extension corresponding to the Internet terminal extension identifier, so that the Internet terminal extension sends an authentication request to the website server to complete the authentication operation; here, the Internet terminal extension listens for requests from the trusted server agent and receives the authentication request feedback information and the pre-stored authentication verification callback address. Specifically: the authentication verification callback address is a redirect verification interface that the target website has authorized in advance for the trusted server agent. This interface address is mainly used to check that the Internet terminal extension's authentication request is correct; if the check passes, an authentication state authorizing the Internet terminal extension is created, that is, one login, registration or password-change request is completed.
In a specific implementation, after receiving the target website's accessible address, the authentication request feedback token and the authentication verification callback address from the trusted server agent, the Internet terminal extension opens a new application tab based on the accessible address. Once the page has loaded successfully, it requests the callback address with the authentication request feedback token as a request parameter, waits for the authentication information returned by the callback address, and records the authentication state according to that response. The callback address points to the website server's authentication verification interface, which is mainly used to identify and match the authentication feedback token sent by the Internet terminal extension. If the match succeeds, the authentication state authorizing the Internet terminal extension is created, completing one login, registration or password-change request, and the correct authentication information is returned; this authentication information can be a redirect that makes the Internet terminal extension jump automatically to the correct accessible tab.

As shown in Figure 3, in a preferred implementation of the present invention, sending the authentication request feedback information to the Internet terminal extension corresponding to the Internet terminal extension identifier includes:

The user agent sends the target website identity information, the registration information and the Internet terminal extension identifier to the trusted server agent;

In response to the request from the trusted server agent that it is listening for, the Internet terminal extension generates the random number state and sends it to the trusted server agent;

Note that the random number state is a parameter for preventing CSRF attacks and is generated randomly by the Internet terminal extension. In a specific implementation, the state can be generated in many ways, which are not specifically limited here, and those skilled in the art can choose flexibly according to the actual situation. The generated state is sent to the trusted server agent, where it serves as a parameter of the authentication request in the subsequent steps, and the Internet terminal extension temporarily writes it to local storage; the storage method is not specifically limited here and can be chosen flexibly according to the actual situation, for example a cookie. When the Internet terminal extension executes the subsequent steps, it retrieves the state and sends it to the website server as one of the check parameters of the authentication verification callback address, so that the website server can judge whether the request is safe and reasonable.

The trusted server agent sends an authentication request to the website server according to the pre-stored target website identity information, the registration information and the random number state, to obtain the authentication request feedback information;

The trusted server agent sends the authentication request feedback information and the pre-stored authentication verification callback address to the Internet terminal extension corresponding to the Internet terminal extension identifier, so that the Internet terminal extension sends an authentication request to the website server to complete the authentication operation. That is: the Internet terminal extension opens a new page window based on the target website's accessible address, and at the same time sends the identity information and registration information to the website server at the authentication verification callback address to complete the authentication operation and receive the returned authentication information.
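The callback check described for Figures 2 and 3, as an added Node.js example that is not code from the patent: the website server binds the feedback token it issues to the state supplied by the extension, and the callback accepts the token once, within a time limit, and only with the matching state. The class and function names, the 60-second lifetime, the single-use rule and the sample account are assumptions.

```javascript
// Added example (not from the patent). Node.js standard library only.
const nodeCrypto = require('node:crypto');

// Constructed account store standing in for the website's user database.
const ACCOUNTS = new Map([['alice', 'correct horse battery staple']]);

// Internet terminal extension side: 128 bits of unguessable state.
// In a browser extension the source would be crypto.getRandomValues().
function newState() {
  return nodeCrypto.randomBytes(16).toString('hex');
}

// Constant-time comparison; hashing first gives timingSafeEqual the
// equal-length buffers it requires.
function safeEqual(a, b) {
  const ha = nodeCrypto.createHash('sha256').update(String(a)).digest();
  const hb = nodeCrypto.createHash('sha256').update(String(b)).digest();
  return nodeCrypto.timingSafeEqual(ha, hb);
}

class WebsiteServer {
  constructor(ttlMs = 60000) {
    this.ttlMs = ttlMs;        // assumed lifetime of a feedback token
    this.pending = new Map();  // feedback token -> { user, state, expires }
  }

  // Authentication request from the trusted server agent:
  // registration information plus the state generated by the extension.
  authenticate(user, password, state, now = Date.now()) {
    const stored = ACCOUNTS.get(user);
    if (stored === undefined || !safeEqual(stored, password)) {
      return { ok: false, reason: 'bad_credentials' };
    }
    if (typeof state !== 'string' || state.length < 32) {
      return { ok: false, reason: 'weak_state' };
    }
    const token = nodeCrypto.randomUUID(); // UUID is one option the text lists
    this.pending.set(token, { user, state, expires: now + this.ttlMs });
    return { ok: true, token };
  }

  // Authentication verification callback, requested by the extension
  // with the feedback token and the state it kept in local storage.
  callback(token, state, now = Date.now()) {
    const rec = this.pending.get(token);
    if (!rec) return { ok: false, reason: 'unknown_token' };
    this.pending.delete(token); // single use: burned on first presentation
    if (now > rec.expires) return { ok: false, reason: 'expired' };
    if (!safeEqual(rec.state, state)) return { ok: false, reason: 'state_mismatch' };
    const session = nodeCrypto.randomBytes(32).toString('hex');
    return { ok: true, user: rec.user, session };
  }
}

// One successful exchange and three rejected ones, on a constructed clock.
function runFigure3Flow() {
  const site = new WebsiteServer(60000);
  const t0 = 1700000000000;
  const pw = 'correct horse battery staple';

  const state1 = newState();
  const first = site.authenticate('alice', pw, state1, t0);
  const good = site.callback(first.token, state1, t0 + 1000);
  const replay = site.callback(first.token, state1, t0 + 2000);

  // A party holding the token but not the extension's stored state.
  const second = site.authenticate('alice', pw, newState(), t0);
  const forged = site.callback(second.token, newState(), t0 + 1000);

  // Correct state, presented after the token lifetime has passed.
  const state3 = newState();
  const third = site.authenticate('alice', pw, state3, t0);
  const late = site.callback(third.token, state3, t0 + 61000);

  return { good, replay, forged, late };
}
```
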

As shown in Figure 4, in a preferred implementation of the present invention, sending the authentication request feedback information to the Internet terminal extension corresponding to the Internet terminal extension identifier includes:

The user agent sends an authentication request containing the target website identity information and registration information to the website server to obtain the authentication request feedback information. The authentication request feedback information contains the returned login authentication information and a token that can be used to verify the login authorization state. The token is an identification token with which the website server verifies whether the user has logged in and been authorized; it can be generated in many ways, which are not specifically limited here, and those skilled in the art can choose flexibly according to the actual situation, for example the cookie commonly used by browser applications.

The user agent completes the authentication operation based on the authentication request feedback information. When the user chooses to access the target website through a cross-device application, the user agent sends the target website's accessible address and the above token to the Internet terminal extension, addressed by the Internet terminal extension identifier;

The user agent sends the authentication request feedback information to the Internet terminal extension corresponding to the Internet terminal extension identifier, so that the Internet terminal extension sends an authentication request to the website server to complete the authentication operation. That is: the Internet terminal extension opens a new page window based on the target website's accessible address and uses the received token to access the website server and verify the login authorization; if verification passes, it receives the login authentication information returned by the website server.

As shown in Figures 5 and 6, in a preferred implementation of the present invention, sending the target website identity information and registration information to the Internet terminal extension corresponding to the Internet terminal extension identifier includes:

The user agent sends the target website identity information, the registration information and the Internet terminal extension identifier to the trusted server agent or the terminal extension server;

The trusted server agent or the terminal extension server sends the target website identity information, the registration information and the pre-stored authentication verification callback address to the Internet terminal extension corresponding to the Internet terminal extension identifier, so that the Internet terminal extension sends an authentication request to the website server to complete the authentication operation. Here, the Internet terminal extension listens for requests from the trusted server agent or the terminal extension server, and receives the target website identity information, the registration information and the pre-stored authentication verification callback address. The Internet terminal extension opens a new page window based on the target website's accessible address, and at the same time sends the identity information and registration information to the website server at the authentication verification callback address to complete the authentication operation and receive the returned authentication information.

As shown in Figure 7, in this embodiment, obtaining the Internet terminal extension identifier in step S1 includes:

S11. The user logs in to or activates the user agent with the master password;

S12. The Internet terminal extension generates a temporary unique UUID, waits for the user agent's authorization request, and then sends the UUID to the user agent and to the terminal extension server;

S13. After receiving the UUID from the Internet terminal extension, the user agent forwards it to the terminal extension server, which performs the UUID check;

S14. The terminal extension server identifies and matches the UUIDs obtained from the Internet terminal extension and from the user agent; if they match, it generates the Internet terminal extension identifier from the UUID and returns it to the user agent.

In this embodiment, obtaining the Internet terminal extension identifier in step S1 includes:

S111. The user logs in to or activates the user agent with the master password, and the user_id is recorded;

S112. The Internet terminal extension generates a temporary unique UUID, waits for the user agent's authorization request, and then sends the UUID to the user agent and to the terminal extension server, while recording the user_id that the user agent sent with its authorization;

S113. The terminal extension server receives the UUID from the Internet terminal extension, records the extension unique identifier, and establishes a mapping between the UUID and the extension unique identifier;

Note that the extension unique identifier can be an extension id that points uniquely to the Internet terminal extension, or a network connection identifier over which a long-lived connection to the extension can be established, such as the socketid of a websocket long connection; this is not specifically limited here, and those skilled in the art can choose flexibly according to the actual situation.

S114. The user agent receives the UUID from the Internet terminal extension and sends the user_id and the UUID to the terminal extension server, which performs the UUID check;

S115. The terminal extension server receives the user_id and UUID sent by the user agent, and identifies and matches the UUIDs obtained from the Internet terminal extension and from the user agent. If they match, it establishes a mapping between the user_id and the extension unique identifier, deletes the mapping between the UUID and the extension unique identifier from the first step, and expires the UUID;

In a specific implementation, the Internet terminal extension can periodically update the mapping between the user_id and the extension unique identifier held by the terminal extension server, based on the user_id stored in S502, to keep the extension unique identifier unique and current. The terminal extension server can also set a retention limit on the stored mapping between the user_id and the extension unique identifier; once that time has passed, the user agent must authorize the Internet terminal extension again, which improves security.

S116. When the user agent wants to perform an authentication operation, it sends the user_id to the terminal extension server, which looks up the mapping between the user_id and the extension unique identifier; if the lookup succeeds, the extension unique identifier is returned to the user agent.
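The terminal extension server's bookkeeping in S113 to S116, as an added Node.js example that is not code from the patent. The method names, both time limits, the set of spent UUIDs and the sample identifiers are assumptions; the example shows why the UUID mapping is deleted and the UUID expired after the first successful match.

```javascript
// Added example (not from the patent). Node.js standard library only.
const nodeCrypto = require('node:crypto');

class TerminalExtensionServer {
  constructor({ uuidTtlMs = 120000, bindingTtlMs = 3600000 } = {}) {
    this.uuidTtlMs = uuidTtlMs;       // assumed lifetime of a pairing UUID
    this.bindingTtlMs = bindingTtlMs; // assumed retention limit of a binding
    this.pending = new Map();   // UUID    -> { extId, expires }   (S113)
    this.bindings = new Map();  // user_id -> { extId, expires }   (S115)
    this.spent = new Set();     // consumed UUIDs; a real server would prune
  }

  // S113: UUID arrives from the extension; extId is the extension
  // unique identifier, for example the websocket socketid.
  registerUuid(uuid, extId, now = Date.now()) {
    if (this.spent.has(uuid) || this.pending.has(uuid)) return false;
    this.pending.set(uuid, { extId, expires: now + this.uuidTtlMs });
    return true;
  }

  // S114-S115: user agent presents user_id and the UUID it was shown.
  confirm(userId, uuid, now = Date.now()) {
    const rec = this.pending.get(uuid);
    if (!rec) {
      const reason = this.spent.has(uuid) ? 'uuid_spent' : 'uuid_unknown';
      return { ok: false, reason };
    }
    // Delete the UUID mapping and expire the UUID whatever the outcome,
    // so a captured UUID cannot bind a second user_id to this extension.
    this.pending.delete(uuid);
    this.spent.add(uuid);
    if (now > rec.expires) return { ok: false, reason: 'uuid_expired' };
    this.bindings.set(userId, {
      extId: rec.extId,
      expires: now + this.bindingTtlMs,
    });
    return { ok: true };
  }

  // S116: resolve user_id to the extension unique identifier, or null
  // when there is no binding or the retention limit has passed.
  lookup(userId, now = Date.now()) {
    const b = this.bindings.get(userId);
    if (!b) return null;
    if (now > b.expires) {
      this.bindings.delete(userId);
      return null;
    }
    return b.extId;
  }
}

// Pairing walk-through on a constructed clock with constructed identifiers.
function runPairing() {
  const srv = new TerminalExtensionServer();
  const t0 = 1700000000000;

  const uuid = nodeCrypto.randomUUID();              // S112, extension side
  srv.registerUuid(uuid, 'socket-7f3a', t0);         // S113
  const paired = srv.confirm('user-1001', uuid, t0 + 5000);    // S115
  const resolved = srv.lookup('user-1001', t0 + 6000);         // S116

  // Same UUID presented again under another user_id.
  const replay = srv.confirm('user-6666', uuid, t0 + 7000);
  // UUID the extension never reported.
  const guessed = srv.confirm('user-6666', nodeCrypto.randomUUID(), t0);

  // UUID confirmed after its lifetime.
  const stale = nodeCrypto.randomUUID();
  srv.registerUuid(stale, 'socket-91bc', t0);
  const late = srv.confirm('user-2002', stale, t0 + 121000);

  // Binding queried after the retention limit: re-authorization needed.
  const afterLimit = srv.lookup('user-1001', t0 + 5000 + 3600001);

  return { paired, resolved, replay, guessed, late, afterLimit };
}
```
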

As shown in Figure 8, the present invention also provides a network identity cross-device application fast authentication system, including:

An acquisition module, used by the user agent to obtain the Internet terminal extension identifier;

A processing module, used to send an authentication request to the website server according to the pre-stored target website identity information and registration information to obtain an authentication request feedback token, or to forward the target website identity information and registration information through the trusted server agent or the terminal extension server;

An authentication module, used to send the authentication request feedback information, or the target website identity information and registration information, to the Internet terminal extension corresponding to the Internet terminal extension identifier, so that the Internet terminal extension uses the authentication request feedback information, or the target website identity information and registration information, to send an authentication request to the website server and complete the authentication operation.

Preferably, the authentication module is configured to: send, through the trusted server agent, an authentication request to the website server according to the identity information and the registration information to obtain the authentication request feedback information, and send the authentication request feedback information and the pre-stored authentication verification callback address to the Internet terminal extension corresponding to the Internet terminal extension identifier, so that the Internet terminal extension sends an authentication request to the website server to complete the authentication operation.

Preferably, the authentication module is configured to: send an authentication request containing the identity information and the registration information to the website server to obtain the authentication request feedback information, and send the authentication request feedback information to the Internet terminal extension corresponding to the Internet terminal extension identifier, so that the Internet terminal extension sends an authentication request to the website server to complete the authentication operation.

Preferably, the authentication module is configured to: send the target website identity information, the registration information and the extension identifier to the trusted server agent or the terminal extension server, and forward the target website identity information and registration information to the Internet terminal extension corresponding to the Internet terminal extension identifier, so that the Internet terminal extension sends an authentication request to the website server to complete the authentication operation.

The present invention also provides a user agent device, including:

A memory, used to store a network identity authentication program;

A processor, used to implement the network identity cross-device application fast authentication method when executing the network identity authentication program.

The present invention also provides a computer-readable storage medium on which a network identity authentication program is stored; when the network identity authentication program is executed by a processor, it implements the network identity cross-device application fast authentication method.

Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from its spirit and scope. It should be noted that the above are only specific embodiments of the present invention and do not limit it; all adjustments and optimizations made within the spirit and principles of the present invention fall within the scope of the claims of the present invention.

Claims (5)

1.一种网络身份跨设备应用快速认证方法,其特征在于,包括:1. A network identity cross-device application quick authentication method, is characterized in that, comprises: 用户代理获取上网终端扩展标识;The user agent obtains the extended identifier of the Internet access terminal; 根据预存的目标网站身份信息和注册信息向网站服务器发送认证请求以获取认证请求反馈信息,或者通过可信服务器代理转发目标网站身份信息和注册信息;Send an authentication request to the website server according to the pre-stored identity information and registration information of the target website to obtain the feedback information of the authentication request, or forward the identity information and registration information of the target website through a trusted server agent; 将认证请求反馈信息、或者目标网站身份信息和注册信息发送至所述上网终端扩展标识相对应的上网终端扩展,以便所述上网终端扩展利用所述认证请求反馈信息、或者目标网站身份信息和注册信息向网站服务器发送认证请求完成认证操作;sending the authentication request feedback information, or the target website identity information and registration information to the Internet terminal extension corresponding to the Internet terminal extension identifier, so that the Internet terminal extension uses the authentication request feedback information, or the target website identity information and registration information The information sends an authentication request to the website server to complete the authentication operation; 其中,获取上网终端扩展标识包括:Among them, obtaining the extended identifier of the Internet access terminal includes: 用户登录或激活用户代理;the user logs in or activates a user agent; 上网终端扩展生成临时的唯一UUID,等待用户代理的授权请求后将UUID发送给用户代理和终端扩展服务器;The Internet terminal extension generates a temporary unique UUID, and sends the UUID to the user agent and the terminal extension server after waiting for the authorization request of the user agent; 用户代理接收到上网终端扩展发来的UUID后,转发至终端扩展服务器,由终端扩展服务器进行UUID校验;After receiving the UUID sent by the Internet terminal extension, the user agent forwards it to the terminal extension server, and the terminal extension server performs UUID verification; 终端扩展服务器识别并匹配从上网终端扩展和用户代理得到的UUID,若匹配成功,则根据UUID生成并返回上网终端扩展标识至用户代理;The terminal extension server 
identifies and matches the UUID obtained from the Internet terminal extension and the user agent, and if the match is successful, generates and returns the Internet terminal extension identifier to the user agent according to the UUID; 或者,所述获取上网终端扩展标识包括:Alternatively, the obtaining the extended identifier of the Internet access terminal includes: 用户登录或激活用户代理,记录user_id;The user logs in or activates the user agent, and records the user_id; 上网终端扩展生成临时的唯一UUID,等待用户代理的授权请求后将UUID发送给用户代理和终端扩展服务器,同时记录用户代理授权时发来的user_id;The Internet terminal extension generates a temporary unique UUID, waits for the authorization request of the user agent, and sends the UUID to the user agent and the terminal extension server, and records the user_id sent by the user agent when it is authorized; 终端扩展服务器接收上网终端扩展发来的UUID,记录扩展唯一标识,建立UUID和扩展唯一标识的映射关系;The terminal extension server receives the UUID sent by the Internet terminal extension, records the extended unique identifier, and establishes the mapping relationship between the UUID and the extended unique identifier; 用户代理接收到上网终端扩展发来的UUID,将user_id和UUID发送至终端扩展服务器,由终端扩展服务器进行UUID校验;The user agent receives the UUID sent by the Internet terminal extension, sends the user_id and UUID to the terminal extension server, and the terminal extension server performs UUID verification; 终端扩展服务器接收用户代理发来的user_id和UUID,识别并匹配从上网终端扩展和用户代理得到的UUID,若匹配成功,建立起user_id和扩展唯一标识的映射关系,同时删除第一步中UUID和扩展唯一标识的映射关系,并对UUID进行过期处理;The terminal extension server receives the user_id and UUID sent by the user agent, identifies and matches the UUID obtained from the Internet terminal extension and the user agent, and if the match is successful, establishes the mapping relationship between user_id and the extended unique identifier, and deletes the UUID and UUID in the first step. 
Extend the mapping relationship of unique identifiers and perform expiration processing on UUID; 当用户代理想要进行相关认证操作时,发送user_id到终端扩展服务器,由终端扩展服务器查询user_id和扩展唯一标识的映射关系,查询成功则返回上网终端扩展标识给到用户代理,When the user agent wants to perform relevant authentication operations, it sends the user_id to the terminal extension server, and the terminal extension server queries the mapping relationship between user_id and the extended unique identifier. If the query is successful, it returns the Internet terminal extension identifier to the user agent. 其中,将认证请求反馈信息发送至所述上网终端扩展标识相对应的上网终端扩展包括:Wherein, sending the authentication request feedback information to the Internet terminal extension corresponding to the Internet terminal extension identifier includes: 用户代理将目标网站身份信息、注册信息及上网终端扩展标识发送至可信服务器代理;The user agent sends the target website identity information, registration information and Internet terminal extension identification to the trusted server agent; 可信服务器代理根据预存的目标网站身份信息和注册信息向网站服务器发送认证请求以获取认证请求反馈信息;The trusted server agent sends an authentication request to the website server according to the pre-stored target website identity information and registration information to obtain the authentication request feedback information; 可信服务器代理将所述认证请求反馈信息及预存的认证检验回调地址发送至所述上网终端扩展标识相对应的上网终端扩展,以便上网终端扩展向所述网站服务器发送认证请求完成认证操作;The trusted server agent sends the authentication request feedback information and the pre-stored authentication verification callback address to the Internet terminal extension corresponding to the Internet terminal extension identifier, so that the Internet terminal extension sends an authentication request to the website server to complete the authentication operation; 或者,所述将认证请求反馈信息发送至所述上网终端扩展标识相对应的上网终端扩展包括:Alternatively, the sending the authentication request feedback information to the Internet terminal extension corresponding to the Internet terminal extension identifier includes: 用户代理将目标网站身份信息、注册信息向网站服务器发送认证请求以获取认证请求反馈信息;The user agent sends the identity information and 
registration information of the target website to the website server to obtain the authentication request feedback information; 用户代理将所述认证请求反馈信息发送至所述上网终端扩展标识相对应的上网终端扩展,以便上网终端扩展向所述网站服务器发送认证请求完成认证操作;The user agent sends the authentication request feedback information to the Internet terminal extension corresponding to the Internet terminal extension identifier, so that the Internet terminal extension sends an authentication request to the website server to complete the authentication operation; 或者,所述将认证请求反馈信息发送至所述上网终端扩展标识相对应的上网终端扩展包括:Alternatively, the sending the authentication request feedback information to the Internet terminal extension corresponding to the Internet terminal extension identifier includes: 用户代理将目标网站身份信息、注册信息及上网终端扩展标识发送至可信服务器代理;The user agent sends the target website identity information, registration information and Internet terminal extension identification to the trusted server agent; 所述上网终端扩展根据监听所述可信服务器代理的请求,将生成随机数state发送给所述可信服务器代理;The Internet terminal extension sends the generated random number state to the trusted server agent according to the request of listening to the trusted server agent; 可信服务器代理根据预存的目标网站身份信息、注册信息和随机数state向网站服务器发送认证请求以获取认证请求反馈信息;The trusted server agent sends an authentication request to the website server according to the pre-stored target website identity information, registration information and random number state to obtain authentication request feedback information; 可信服务器代理将所述认证请求反馈信息及预存的认证检验回调地址发送至所述上网终端扩展标识相对应的上网终端扩展,以便上网终端扩展向所述网站服务器发送认证请求完成认证操作;The trusted server agent sends the authentication request feedback information and the pre-stored authentication verification callback address to the Internet terminal extension corresponding to the Internet terminal extension identifier, so that the Internet terminal extension sends an authentication request to the website server to complete the authentication operation; 用户代理将预存的目标网站的可访问地址发送上网终端扩展,以便上网终端扩展新建目标网站页面窗口;The user agent sends the pre-stored accessible address 
of the target website to the Internet terminal extension, so that the Internet terminal extension can create a new target website page window;
the Internet terminal extension listens for requests from the trusted server agent, and receives the authentication request feedback information and the pre-stored authentication verification callback address;
the authentication request feedback information includes: feedback login authentication information and a token that can be used to verify the login authorization status, wherein the token is an identification token with which the website server verifies whether the user has logged in and been authorized.

2. A network identity cross-device application fast authentication system, characterized by comprising:
an acquisition module, used by the user agent to acquire the Internet terminal extension identifier;
a processing module, configured to send an authentication request to the website server according to the pre-stored target website identity information and registration information in order to obtain authentication request feedback information, or to forward the target website identity information and registration information through a trusted server agent;
an authentication module, configured to send the authentication request feedback information, or the target website identity information and registration information, to the Internet terminal extension corresponding to the Internet terminal extension identifier, so that the Internet terminal extension uses the authentication request feedback information, or the target website identity information and registration information, to send an authentication request to the website server and complete the authentication operation; the user agent sends the pre-stored accessible address of the target website to the Internet terminal extension, so that the Internet terminal extension can create a new target website page window;
the authentication module is configured such that sending the target website identity information and registration information to the Internet terminal extension corresponding to the Internet terminal extension identifier includes: sending, through the trusted server agent, an authentication request to the website server according to the identity information and the registration information in order to obtain authentication request feedback information, and sending the authentication request feedback information and the pre-stored authentication verification callback address to the Internet terminal extension corresponding to the Internet terminal extension identifier, so that the Internet terminal extension sends an authentication request to the website server to complete the authentication operation.

3. The network identity cross-device application fast authentication system according to claim 2, wherein the authentication module is configured such that sending the target website identity information and registration information to the Internet terminal extension corresponding to the Internet terminal extension identifier includes: sending the target website identity information, the registration information and the Internet terminal extension identifier to the trusted server agent; and forwarding the target website identity information and registration information to the Internet terminal extension corresponding to the Internet terminal extension identifier, so that the Internet terminal extension sends an authentication request to the website server to complete the authentication operation.

4. A user agent device, characterized by comprising:
a memory for storing a network identity authentication program;
a processor, configured to implement the steps of the network identity cross-device application fast authentication method according to claim 1 when executing the network identity authentication program.

5. A computer-readable storage medium, characterized in that a network identity authentication program is stored on the computer-readable storage medium, and when the network identity authentication program is executed by a processor, the steps of the network identity cross-device application fast authentication method according to claim 1 are implemented.
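The trusted-server-agent path of claims 1 and 2, as an added sketch that is not part of the patent text: the agent obtains the authentication request feedback from the website server and relays it, with the callback address, only to the extension registered under the given identifier. The class names, the random token format, the 60-second lifetime, the single-use check and the callback URL are all assumptions; the claims state only that the token lets the website server verify login authorization.

```python
import hmac
import secrets

CALLBACK = "https://site.example/auth/check"  # constructed callback address

class WebsiteServer:
    """Target website: answers authentication requests and checks tokens."""
    def __init__(self, accounts, ttl=60):
        self.accounts = accounts  # identity -> registration info (constructed)
        self.ttl = ttl            # assumed token lifetime in seconds
        self.pending = {}         # token -> (identity, expiry time)

    def authentication_request(self, identity, registration, now):
        known = self.accounts.get(identity)
        if known is None or not hmac.compare_digest(known.encode(), registration.encode()):
            return None
        token = secrets.token_urlsafe(32)
        self.pending[token] = (identity, now + self.ttl)
        return {"login_info": identity, "token": token}  # feedback information

    def callback(self, address, token, now):
        """Assumed hardening: a token is accepted once, unexpired, at one address."""
        identity, expiry = self.pending.pop(token, (None, 0))
        if address != CALLBACK or identity is None or now > expiry:
            return None
        return identity

class TerminalExtension:
    """Internet terminal extension: receives the relay and completes the login."""
    def __init__(self, website):
        self.website = website
        self.session = None

    def on_agent_message(self, feedback, callback_address, now):
        self.session = self.website.callback(callback_address, feedback["token"], now)
        return self.session

class TrustedServerAgent:
    """Relays feedback only to the extension registered under the identifier."""
    def __init__(self, website):
        self.website = website
        self.extensions = {}  # extension identifier -> TerminalExtension

    def relay(self, identity, registration, extension_id, now):
        extension = self.extensions.get(extension_id)
        if extension is None:
            return None  # unknown identifier: no request is made, nothing is sent
        feedback = self.website.authentication_request(identity, registration, now)
        if feedback is None:
            return None
        return extension.on_agent_message(feedback, CALLBACK, now)
```

Because the relayed token is a bearer credential that crosses devices, the sketch consumes it on first presentation and rejects it after expiry, so a copy captured in transit cannot be redeemed a second time.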
CN202110259933.2A 2021-03-10 2021-03-10 Network identity cross-device application fast authentication method and system, user agent device Active CN112929388B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110259933.2A CN112929388B (en) 2021-03-10 2021-03-10 Network identity cross-device application fast authentication method and system, user agent device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110259933.2A CN112929388B (en) 2021-03-10 2021-03-10 Network identity cross-device application fast authentication method and system, user agent device

Publications (2)

Publication Number Publication Date
CN112929388A CN112929388A (en) 2021-06-08
CN112929388B true CN112929388B (en) 2022-11-01

Family

ID=76172380

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110259933.2A Active CN112929388B (en) 2021-03-10 2021-03-10 Network identity cross-device application fast authentication method and system, user agent device

Country Status (1)

Country Link
CN (1) CN112929388B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114553573B (en) * 2022-02-23 2024-05-28 中国工商银行股份有限公司 Identity authentication method and device
CN115022068A (en) * 2022-06-17 2022-09-06 武汉思普崚技术有限公司 An authentication method and system based on user DingTalk
CN115484092A (en) * 2022-09-13 2022-12-16 中国银行股份有限公司 Unified identity authentication method and device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013001573A1 (en) * 2011-06-29 2013-01-03 パイオニア株式会社 Account management system, and account management system control method and program
CN104270338A (en) * 2014-09-01 2015-01-07 刘文印 A method and system of electronic identity registration and authentication login
WO2016078419A1 (en) * 2014-11-20 2016-05-26 中兴通讯股份有限公司 Open authorization method, device and open platform
CN105871878A (en) * 2016-05-06 2016-08-17 张红军 Login method and system

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP5844001B2 (en) * 2012-04-01 2016-01-13 オーセンティファイ・インクAuthentify Inc. Secure authentication in multi-party systems
US9038138B2 (en) * 2012-09-10 2015-05-19 Adobe Systems Incorporated Device token protocol for authorization and persistent authentication shared across applications
CN102984127B (en) * 2012-11-05 2015-06-03 武汉大学 User-centered mobile internet identity managing and identifying method
CN103856446B (en) * 2012-11-30 2018-01-09 腾讯科技(深圳)有限公司 A kind of login method, device and open platform system
WO2014201636A1 (en) * 2013-06-19 2014-12-24 华为技术有限公司 Identity login method and device
CN108270764B (en) * 2017-01-04 2020-06-02 腾讯科技(深圳)有限公司 Application login method, server and mobile terminal
US20190028460A1 (en) * 2017-07-19 2019-01-24 JumpCloud, Inc. Low-overhead single sign on
CN207442908U (en) * 2017-11-16 2018-06-01 广东工业大学 A network identity authentication device and a login device
CN107809438A (en) * 2017-11-16 2018-03-16 广东工业大学 A kind of network authentication method, system and its user agent device used
KR102105110B1 (en) * 2018-04-11 2020-04-27 주식회사 수퍼블리 Method and system for simple login service and apparatus therefor

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013001573A1 (en) * 2011-06-29 2013-01-03 パイオニア株式会社 Account management system, and account management system control method and program
CN104270338A (en) * 2014-09-01 2015-01-07 刘文印 A method and system of electronic identity registration and authentication login
CN107302539A (en) * 2014-09-01 2017-10-27 刘文印 Method and its system that a kind of electronic identity registration and certification are logged in
WO2016078419A1 (en) * 2014-11-20 2016-05-26 中兴通讯股份有限公司 Open authorization method, device and open platform
CN105871878A (en) * 2016-05-06 2016-08-17 张红军 Login method and system

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
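A new method for implementing single sign-on on Android mobile terminals; Tian Ye et al.; "Computer Technology and Development"; 20170307 (No. 04); full text *
Optimization of NGB-oriented authentication methods based on xPON+EOC; Shu Xingyong; "Network New Media Technology"; 20130715 (No. 04); full text *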

Also Published As

Publication number Publication date
CN112929388A (en) 2021-06-08


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant