CN1855814A - Safety uniform certificate verification design - Google Patents
- Publication number
- CN1855814A
- Authority
- CN
- China
- Prior art keywords
- user
- portal
- resource
- credential
- scheme
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Information Transfer Between Computers (AREA)
Abstract
In a distributed network environment, a user who accesses network resources across domains has to present authentication credentials and log in many times, which is inefficient and creates many security risks. The present invention is a secure and practical unified identity authentication scheme that provides a unified identity authentication mechanism for distributed network environments. Using the cookie mechanism and redirection support of standard browsers, it authenticates users centrally at a portal site and securely passes the authenticated user's credential to the resource site, which interprets the user's access rights and responds to the access request. With the invention, a user logs in once and can then securely access all resource sites many times.
Description
1. Technical field
The invention belongs to the field of computer network security and cryptography. It is a web-based security authentication scheme that implements cross-domain identity authentication and provides a single-login, multiple-access security authentication mechanism. It is suited to cross-domain security authentication scenarios that require unified identity authentication and single sign-on.
2. Background technology
At present, user identity authentication in distributed systems generally relies on decentralized login and decentralized management. Because the subsystems lack good interoperability, frequent identity registration and hidden security risks have become prominent problems. Across the many management systems that require login, the most common practice is to register one common user name and password. However, because the security mechanisms of different systems differ in strength, once a user's registration information is lost in one system, the security mechanisms of the other systems are lost as well; and if the user registers a different identity with each system, there is too much information to remember. Information systems therefore need a unified identity verification system with strong security controls, to keep data secure and operation convenient for users.
3. Brief summary of the invention
To overcome the shortcomings of existing user identity authentication mechanisms, the present invention provides a secure user identity authentication mechanism that not only identifies the user but also makes it easy to recognize the user's identity automatically across domains: when accessing resources across domains, the user presents identity credentials only once and can then securely log in to multiple domains to access resources.
4. Contents of the invention
We describe the technical solution this scheme adopts to solve its technical problem in three parts: Section 4.1 introduces the overall framework of the scheme, Section 4.2 the details of its operation, and Section 4.3 its security. Section 4.4 describes the application scenarios of the scheme.
Terms and descriptions
● Portal: a web site responsible for managing and authenticating all users and for providing the list of resources from which users choose. It requires an X.509 digital certificate issued by an authority, can establish HTTPS connections with other entities, can perform DES encryption and decryption and stores the key used for it, and can compute digital signatures with the private key corresponding to its X.509 digital certificate.
● Resource site: a web site that trusts the portal, accepts the authentication credentials the portal issues to users, and can verify digital signatures using the portal's X.509 digital certificate. A server-side configuration that supports HTTPS connections is recommended.
● Client: a standard browser that supports cookies and redirection.
● UID: the user name with which the user logs in to the portal.
● passwd: the password with which the user logs in to the portal.
● UIP: the IP address of the user's client when it logs in to the portal.
● RoleID: the role number the user obtains at the portal. It indicates the type of user and is decided by the portal administrator, based on the user's characteristics, when the user registers. When it is passed to a resource site, the resource site interprets its meaning.
● timeInterval: the length of the validity period of a user credential, as defined by the portal.
● WebServerURL: the URL of the resource site the user is accessing.
● Pcookie: holds the information about the user after authentication. Its structure is Ek(UID+RoleID+timeInterval+UIP), which denotes the result of encrypting UID+RoleID+timeInterval+UIP with DES as the encryption algorithm and k as the encryption key, where k is a random password that the portal generates for encrypting the Pcookie and stores secretly, as a file, on the portal's local storage device. The portal writes the Pcookie to the user's browser as a cookie.
● timeStamp: the portal's current system time (timestamp) when it generates the user credential.
● Credential: the credential the portal issues to a legitimate user. Its structure is RoleID+timeInterval+timeStamp+UIP+WebServerURL.
4.1 Scheme overview
As shown in Figure 1, (a) under SSL protection, the user enters UID and passwd to log in to the portal. The portal checks whether the user's UID and passwd are valid; if they are, it (b) generates the Pcookie and stores it in the user's browser; otherwise it tells the user that the login is invalid.
① The user accesses a resource site. ② The resource site's access control program automatically redirects the user's access request back to the portal. During this step the portal program automatically reads the Pcookie from the client browser, decrypts it with DES, and extracts the RoleID, timeInterval and UIP from it; these, together with the timeStamp and WebServerURL it obtains, are used to construct the Credential. ③ The portal digitally signs the Credential with the private key of its digital certificate and ④ sends the Credential and its signature, through a redirect of the user's browser, to the resource site's access control program. The resource site verifies the signature on the Credential and also verifies the plaintext content of the Credential. If the Credential received by the resource site is valid, ⑤ the resource site returns the requested resource to the user.
4.2 Operational details of the scheme
As shown in Figure 2, the scheme runs in three phases: the initialization phase, the portal authentication phase and the resource site authentication phase.
4.2.1 Initialization phase
First, the portal obtains an X.509 digital certificate issued by an authority and stores it in the appropriate location. The portal's web service program recognizes the X.509 digital certificate and is ready to establish SSL connections with one-way server authentication to any user's browser; the same certificate is used to digitally sign the user credentials sent to resource sites. Second, each resource site needs to download the portal certificate from the portal in order to verify the signatures on the user credentials it receives. Finally, the user registers user information at the portal, mainly the UID, passwd and so on, and the portal administrator assigns the user a RoleID based on the characteristics of the registration information.
4.2.2 Portal authentication phase
This phase consists of two processes. In the first, the user logs in to the portal and obtains a legitimate user identity credential, namely the Pcookie stored in the client browser. The second is the user authentication carried out while the user accesses a resource site.
(1) The user establishes an SSL-based secure connection with the portal through the browser and at the same time authenticates the identity of the portal.
(2) The user enters the UID and passwd to log in to the portal.
(3) After the user logs in successfully, the portal looks up the RoleID corresponding to the UID. The portal constructs the Pcookie and writes it to the client. The plaintext content of the Pcookie is UID+RoleID+timeInterval+UIP; this structure is encrypted with DES and stored on the client as a cookie.
(4) The user can access a protected resource site in two ways: by choosing the resource site from the "resource list" provided by the portal, or by accessing the resource site directly. In either case the resource site program redirects the user to the portal and submits the WebServerURL to the portal.
(5) The portal checks whether a Pcookie exists in the client browser:
a) If the Pcookie does not exist, the portal returns its login page and requires the user to log in to the portal.
b) If the Pcookie exists, the portal decrypts it with DES. If a valid UID+RoleID+timeInterval+UIP structure cannot be separated out, the Pcookie is considered invalid; the portal gives an error message and ends the user's access. If the structure can be separated correctly, the Pcookie is valid. The portal then constructs the Credential, with the structure RoleID+timeInterval+timeStamp+UIP+WebServerURL, and signs the Credential using the portal certificate; the default signature algorithm is SHA1withRSA. At this point the user has the credential for accessing the resource and the portal's signature over that credential.
4.2.3 Resource site authentication phase
In this phase the resource site uses the Credential and its portal signature, obtained in the previous phase, to check whether the user's access to the resource is legitimate, and responds correctly to legitimate requests.
(1) The portal redirects the user to the resource site and submits the Credential and its signature, as a form, to the resource site's access control program.
(2) The resource site receives the portal's redirected request, extracts the Credential, and verifies its signature using the portal's X.509 digital certificate:
a) If signature verification fails, the redirected request is considered illegitimate; the resource site gives an error message and ends the user's access.
b) If signature verification succeeds, the resource site extracts the RoleID, UIP, timeInterval, timeStamp and WebServerURL from the Credential.
c) The resource site verifies the user credential:
● Compare the UIP in the Credential with the current user's IP; if they differ, the user is illegitimate and access is terminated;
● If they are the same, check whether the difference between the resource site's current time and timeStamp is less than timeInterval; if it is greater, the Credential's validity period has passed and access is terminated;
● Otherwise, check whether the resource site's domain name is contained in WebServerURL; if it is not, the user's access is terminated;
● Otherwise, the user credential has passed verification.
d) The resource site uses the RoleID it obtained to perform local user access control.
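The portal's signing step (4.2.2, step 5b) and the resource site checks above, as an added example that is not part of the patent text. It assumes that the Credential fields are joined with "|", uses a constructed demo RSA key built from two Mersenne primes so that it runs on the Python standard library alone, and matches the parsed host name exactly, which is stricter than the "contained in" wording above; the function names and MAX_SKEW are hypothetical.

```python
import hashlib
import time
from urllib.parse import urlsplit

# Constructed demo RSA key built from two Mersenne primes, so the block needs
# no crypto library. Illustration only: a real portal signs with the private
# key of its CA-issued X.509 certificate.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8          # modulus length in bytes

# DER DigestInfo prefix for SHA-1, as used by SHA1withRSA (PKCS#1 v1.5).
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")
MAX_SKEW = 60  # assumed tolerance, in seconds, for portal/site clock drift


def _encode(message: bytes) -> int:
    """EMSA-PKCS1-v1_5 encoding of SHA-1(message), as an integer."""
    t = SHA1_PREFIX + hashlib.sha1(message).digest()
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")


def portal_issue(role_id, time_interval, uip, web_server_url, now=None):
    """Portal side: build the Credential and sign it with the private key."""
    ts = int(time.time() if now is None else now)
    # Assumed wire format: fields joined with "|", URL last.
    cred = "|".join([role_id, str(time_interval), str(ts), uip, web_server_url])
    return cred, pow(_encode(cred.encode()), D, N)


def resource_verify(cred, sig, client_ip, site_host, now=None):
    """Resource site side: returns (True, RoleID) or (False, reason)."""
    # (2a) Signature first. Recompute the whole encoded block and compare it,
    # instead of parsing the block recovered from the signature.
    if not (0 < sig < N) or pow(sig, E, N) != _encode(cred.encode()):
        return False, "bad signature"
    # (2b) Only now are the fields trusted enough to be parsed.
    parts = cred.split("|", 4)
    if len(parts) != 5:
        return False, "malformed credential"
    role_id, interval, ts, uip, url = parts
    try:
        interval, ts = int(interval), int(ts)
    except ValueError:
        return False, "malformed credential"
    # (2c) UIP must equal the address the request actually came from.
    if uip != client_ip:
        return False, "client IP mismatch"
    # (2c) Age must be below timeInterval; a timestamp from the future
    # beyond the allowed skew is rejected as well.
    age = int(time.time() if now is None else now) - ts
    if age >= interval or age < -MAX_SKEW:
        return False, "outside validity window"
    # (2c) The credential must have been issued for this site. An exact host
    # comparison also rejects look-alike hosts that merely contain the name.
    host = urlsplit(url).hostname
    if host is None or host != site_host.lower():
        return False, "issued for another site"
    # (2d) RoleID is handed to the site's local access control.
    return True, role_id


if __name__ == "__main__":
    # Constructed sample values (documentation address and host name).
    c, s = portal_issue("7", 300, "192.0.2.10", "https://res.example.org/data")
    print(resource_verify(c, s, "192.0.2.10", "res.example.org"))
    print(resource_verify(c, s, "198.51.100.5", "res.example.org"))
```
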
4.3 Security of the scheme
4.3.1 Replay attacks
In every authentication, the resource site is required to compare the user's current IP address with the UIP in the Credential, and the UIP in the Credential comes from the user's IP at the time of logging in to the portal. In a replay attack, the attacker's IP differs from the IP in the Credential, so the resource site rejects the request. At the same time, because the portal's signature on the Credential cannot be forged, the UIP in the Credential cannot be forged either. In addition, the lifetime of the Credential is determined by the portal's timestamp and timeInterval, so the period in which a replay attack is valid is also greatly limited.
4.3.2 DoS (denial-of-service) attacks
Because this system does not include intrusion detection or other technology for preventing DoS attacks, it cannot resist DoS attacks; each implementing site is required to deploy appropriate hardware and software measures to prevent DoS attacks.
4.3.3 Security of the SSL connection
The portal must hold a certificate issued by an authority, and the client must accept its legitimacy, before a secure SSL-based connection between the client and the portal site can be established.
4.4 Application scenarios of the scheme
The present invention targets the scenario in which users access resources across domains in a distributed network environment. The portal manages user identity information centrally and uniformly, and DES encryption and decryption is used to store the user's authenticated, legitimate identity in the user's browser, ensuring that the identity is not leaked. With this identity credential the user then accesses every resource site that implements the invention without taking part in user authentication again, which gives secure and convenient user authentication and resource access. With the development of e-commerce and the globalization of enterprises, network users urgently need to access resources across multiple domains. The invention is suited to user authentication management in network domain environments formed by multiple related industries, related enterprises, or parties allied in some other form. The invention is already running in the "National Science and Technology Fundamental Conditions Platform" project, hosted by the Ministry of Science and Technology for sharing national science and technology resources, where it has shown great advantages.
With this scheme, a unified user identity authentication framework can be built that integrates existing resource systems and provides a standard procedure for bringing in resource systems built later. From the user's point of view, the user maintains a single identity credential and needs to present it only once to access all in-domain resources within the framework. From the point of view of each resource domain, there is no longer any need to maintain a complete user management process independently; accepting the legitimacy of the portal's users is enough to authenticate a user's identity. The potentially large social effect of the invention is that it can help make network applications widespread and part of everyday use.
5. Description of drawings
Figure 1 is the overall diagram of the scheme.
Figure 2 is the program flowchart of the scheme.
Claims (2)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN 200510067872 CN1855814A (en) | 2005-04-29 | 2005-04-29 | Safety uniform certificate verification design |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN 200510067872 CN1855814A (en) | 2005-04-29 | 2005-04-29 | Safety uniform certificate verification design |
Publications (1)
Publication Number | Publication Date |
---|---|
CN1855814A true CN1855814A (en) | 2006-11-01 |
Family
ID=37195686
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN 200510067872 Pending CN1855814A (en) | 2005-04-29 | 2005-04-29 | Safety uniform certificate verification design |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN1855814A (en) |
Cited By (25)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101694663A (en) * | 2009-10-20 | 2010-04-14 | 上海欧菲司健康管理咨询有限公司 | System for one-station registering, logging and all-web authentication |
CN101719238A (en) * | 2009-11-30 | 2010-06-02 | 中国建设银行股份有限公司 | Method and system for managing, authenticating and authorizing unified identities |
CN101902472A (en) * | 2010-07-09 | 2010-12-01 | 北京工业大学 | A Method of Pushing Remote Claims Based on Behavior in Trusted Networks |
CN101207485B (en) * | 2007-08-15 | 2010-12-01 | 深圳市同洲电子股份有限公司 | System and method of unification identification safety authentication for users |
WO2010148815A1 (en) * | 2009-12-21 | 2010-12-29 | 中兴通讯股份有限公司 | System and method for visiting a web application site by a wapi terminal |
CN101610502B (en) * | 2009-07-23 | 2011-01-26 | 江苏鸿信系统集成有限公司 | Method for mobile information integration based on different business systems of mobile application portal |
WO2011022950A1 (en) * | 2009-08-31 | 2011-03-03 | 中国移动通信集团公司 | Service access method, system and device based on wlan access authentication |
CN102045398A (en) * | 2010-12-24 | 2011-05-04 | 杭州华三通信技术有限公司 | Portal-based distributed control method and equipment |
CN101335626B (en) * | 2008-08-06 | 2011-05-18 | 中国网通集团宽带业务应用国家工程实验室有限公司 | Multi-stage authentication method and multi-stage authentication system |
CN101399726B (en) * | 2007-09-29 | 2011-09-07 | 中国电信股份有限公司 | Method for WLAN terminal authentication |
CN101399724B (en) * | 2007-09-28 | 2011-11-30 | 中国电信股份有限公司 | Disposal authentication method for network access and service application oriented to user |
CN102469075A (en) * | 2010-11-09 | 2012-05-23 | 中科正阳信息安全技术有限公司 | Integrated authentication method based on WEB single sign-on |
CN102638441A (en) * | 2011-02-15 | 2012-08-15 | 中兴通讯股份有限公司 | Method and system for realizing single sign on (SSO) in IP multimedia subsystem (IMS) network |
CN101605140B (en) * | 2009-07-16 | 2012-10-03 | 阿里巴巴集团控股有限公司 | Network user identity verification and authentication system and verification and authentication method |
CN101998406B (en) * | 2009-08-31 | 2013-01-16 | 中国移动通信集团公司 | WLAN access authentication based method for accessing services |
CN101848198B (en) * | 2009-03-24 | 2013-03-20 | 英业达股份有限公司 | Authorization sharing system and method thereof |
CN103546432A (en) * | 2012-07-12 | 2014-01-29 | 腾讯科技(深圳)有限公司 | Method and system for realizing cross-domain jumping, browser and domain name servers |
CN103634399A (en) * | 2013-11-29 | 2014-03-12 | 北京奇虎科技有限公司 | Method and device for realizing cross-domain data transmission |
CN101998407B (en) * | 2009-08-31 | 2014-07-02 | 中国移动通信集团公司 | WLAN access authentication based method for accessing services |
CN102006271B (en) * | 2008-09-02 | 2014-09-24 | F2威尔股份有限公司 | IP address secure multi-channel authentication for online transactions |
CN104506518A (en) * | 2014-12-22 | 2015-04-08 | 中软信息系统工程有限公司 | Identity authentication method for access control of MIPS (Million Instructions Per Second) platform network system |
CN104753895A (en) * | 2013-12-31 | 2015-07-01 | 北京新媒传信科技有限公司 | Authentication method and system for a plurality of sub-domain sites in parent domain site |
CN108241803A (en) * | 2016-12-23 | 2018-07-03 | 航天星图科技(北京)有限公司 | A kind of access control method of heterogeneous system |
CN108737350A (en) * | 2017-04-24 | 2018-11-02 | 腾讯科技(深圳)有限公司 | A kind of information processing method and client |
CN112202813A (en) * | 2020-10-29 | 2021-01-08 | 杭州迪普科技股份有限公司 | Network access method and device |
Cited By (36)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101207485B (en) * | 2007-08-15 | 2010-12-01 | 深圳市同洲电子股份有限公司 | System and method of unification identification safety authentication for users |
CN101399724B (en) * | 2007-09-28 | 2011-11-30 | 中国电信股份有限公司 | Disposal authentication method for network access and service application oriented to user |
CN101399726B (en) * | 2007-09-29 | 2011-09-07 | 中国电信股份有限公司 | Method for WLAN terminal authentication |
CN101335626B (en) * | 2008-08-06 | 2011-05-18 | 中国网通集团宽带业务应用国家工程实验室有限公司 | Multi-stage authentication method and multi-stage authentication system |
CN102006271B (en) * | 2008-09-02 | 2014-09-24 | F2威尔股份有限公司 | IP address secure multi-channel authentication for online transactions |
CN101848198B (en) * | 2009-03-24 | 2013-03-20 | 英业达股份有限公司 | Authorization sharing system and method thereof |
CN101605140B (en) * | 2009-07-16 | 2012-10-03 | 阿里巴巴集团控股有限公司 | Network user identity verification and authentication system and verification and authentication method |
CN101610502B (en) * | 2009-07-23 | 2011-01-26 | 江苏鸿信系统集成有限公司 | Method for mobile information integration based on different business systems of mobile application portal |
CN101998406B (en) * | 2009-08-31 | 2013-01-16 | 中国移动通信集团公司 | WLAN access authentication based method for accessing services |
CN101998407B (en) * | 2009-08-31 | 2014-07-02 | 中国移动通信集团公司 | WLAN access authentication based method for accessing services |
WO2011022950A1 (en) * | 2009-08-31 | 2011-03-03 | 中国移动通信集团公司 | Service access method, system and device based on wlan access authentication |
RU2573212C2 (en) * | 2009-08-31 | 2016-01-20 | Чайна Мобайл Коммуникейшенс Корпорейшн | Method of accessing services, systems and devices based on wlan access authentication |
CN101694663A (en) * | 2009-10-20 | 2010-04-14 | 上海欧菲司健康管理咨询有限公司 | System for one-station registering, logging and all-web authentication |
CN101719238A (en) * | 2009-11-30 | 2010-06-02 | 中国建设银行股份有限公司 | Method and system for managing, authenticating and authorizing unified identities |
WO2010148815A1 (en) * | 2009-12-21 | 2010-12-29 | 中兴通讯股份有限公司 | System and method for visiting a web application site by a wapi terminal |
CN101902472B (en) * | 2010-07-09 | 2013-04-24 | 北京工业大学 | Method for pushing remote declaration based on behaviors in trusted network |
CN101902472A (en) * | 2010-07-09 | 2010-12-01 | 北京工业大学 | A Method of Pushing Remote Claims Based on Behavior in Trusted Networks |
CN102469075A (en) * | 2010-11-09 | 2012-05-23 | 中科正阳信息安全技术有限公司 | Integrated authentication method based on WEB single sign-on |
CN102045398B (en) * | 2010-12-24 | 2013-08-28 | 杭州华三通信技术有限公司 | Portal-based distributed control method and equipment |
CN102045398A (en) * | 2010-12-24 | 2011-05-04 | 杭州华三通信技术有限公司 | Portal-based distributed control method and equipment |
CN102638441A (en) * | 2011-02-15 | 2012-08-15 | 中兴通讯股份有限公司 | Method and system for realizing single sign on (SSO) in IP multimedia subsystem (IMS) network |
CN103546432A (en) * | 2012-07-12 | 2014-01-29 | 腾讯科技(深圳)有限公司 | Method and system for realizing cross-domain jumping, browser and domain name servers |
US9686344B2 (en) | 2012-07-12 | 2017-06-20 | Tencent Technology (Shenzhen) Company Limited | Method for implementing cross-domain jump, browser, and domain name server |
CN103546432B (en) * | 2012-07-12 | 2015-12-16 | 腾讯科技(深圳)有限公司 | Realize method and system and browser, the name server of cross-domain redirect |
CN103634399B (en) * | 2013-11-29 | 2017-02-08 | 北京奇虎科技有限公司 | Method and device for realizing cross-domain data transmission |
CN103634399A (en) * | 2013-11-29 | 2014-03-12 | 北京奇虎科技有限公司 | Method and device for realizing cross-domain data transmission |
CN104753895B (en) * | 2013-12-31 | 2018-05-11 | 北京新媒传信科技有限公司 | The authentication method and system of a kind of multiple subdomain websites under father field website |
CN104753895A (en) * | 2013-12-31 | 2015-07-01 | 北京新媒传信科技有限公司 | Authentication method and system for a plurality of sub-domain sites in parent domain site |
CN104506518A (en) * | 2014-12-22 | 2015-04-08 | 中软信息系统工程有限公司 | Identity authentication method for access control of MIPS (Million Instructions Per Second) platform network system |
CN104506518B (en) * | 2014-12-22 | 2018-07-24 | 中软信息系统工程有限公司 | The identity identifying method of MIPS platform network system access controls |
CN108241803A (en) * | 2016-12-23 | 2018-07-03 | 航天星图科技(北京)有限公司 | A kind of access control method of heterogeneous system |
CN108241803B (en) * | 2016-12-23 | 2019-03-08 | 中科星图股份有限公司 | A kind of access control method of heterogeneous system |
CN108737350A (en) * | 2017-04-24 | 2018-11-02 | 腾讯科技(深圳)有限公司 | A kind of information processing method and client |
CN108737350B (en) * | 2017-04-24 | 2020-10-16 | 腾讯科技(深圳)有限公司 | Information processing method and client |
CN112202813A (en) * | 2020-10-29 | 2021-01-08 | 杭州迪普科技股份有限公司 | Network access method and device |
CN112202813B (en) * | 2020-10-29 | 2023-04-18 | 杭州迪普科技股份有限公司 | Network access method and device |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN1855814A (en) | Safety uniform certificate verification design | |
US9686272B2 (en) | Multi factor user authentication on multiple devices | |
US10523659B2 (en) | Server authentication using multiple authentication chains | |
USRE45327E1 (en) | Apparatus, systems and methods to provide authentication services to a legacy application | |
CN104580184B (en) | Identity identifying method between mutual trust application system | |
CN1735011A (en) | Method and device for detecting grid commands | |
CN1274105C (en) | Dynamic password authentication method based on digital certificate implement | |
CN101902327A (en) | A method, device and system for realizing single sign-on | |
CN102035838B (en) | A trust service connection method and trust service system based on platform identity | |
CN101064717A (en) | Safety protection system of information system or equipment and its working method | |
US10257171B2 (en) | Server public key pinning by URL | |
CN103152179A (en) | Uniform identity authentication method suitable for multiple application systems | |
CN105430014B (en) | A kind of single-point logging method and its system | |
CN103716292A (en) | Cross-domain single-point login method and device thereof | |
Bazaz et al. | A review on single sign on enabling technologies and protocols | |
CN104683306A (en) | Safe and controllable internet real-name certification mechanism | |
CN102546579A (en) | Method, device and system used for providing system resources | |
Zhao et al. | TrustCA: achieving certificate transparency through smart contract in blockchain platforms | |
CN2891503Y (en) | Security protection system for information system or equipment | |
US20210037011A1 (en) | Identity intermediary service authorization | |
WO2007115495A1 (en) | Cpk-based gateway authenticating apparatus and method | |
Chi et al. | Design and implementation of OpenStack cloud platform identity management scheme | |
Nie et al. | SAML-based single sign-on for legacy system | |
Cordis et al. | Considerations in mitigating Kerberos vulnerabilities for active directory | |
CN1859149A (en) | Method for realizing stream medium business service |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
WD01 | Invention patent application deemed withdrawn after publication |