CN107733861A - Passwordless login implementation method based on an enterprise-level intranet and extranet environment - Google Patents
- Publication number: CN107733861A (CN201710790919.9A)
- Authority: CN (China)
- Prior art keywords: intranet, quick response, response code, information, enterprise
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/16—Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
- H04L69/161—Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields
- H04L69/162—Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields involving adaptations of sockets based mechanisms
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Biomedical Technology (AREA)
- General Health & Medical Sciences (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The invention discloses a passwordless login implementation method based on an enterprise-level intranet and extranet environment, comprising the following steps: Step S100, using any communication electronic device with a code-scanning function, scan the QR code through the app; Step S200, read the login QR code and obtain the information in it, and send it to the enterprise's mobile interaction platform using SM4 (the Chinese national commercial cipher algorithm) data encryption; Step S300, determine whether the QR code scanned in step S100 links directly to the intranet authentication service or to the extranet authentication service, then perform routing-policy matching; Step S310, if the QR code is for the extranet authentication service, request the extranet authority platform to authenticate; if the QR code is for the intranet authentication service, access the intranet database by SQL pass-through via the isolation device; the authentication service is then completed. By using QR-code recognition for login, the invention avoids authenticating traditional enterprise intranet logins by entering an account and password, which improves security and avoids leakage through request interception and through non-technical means such as coercion.
Description
Technical field
The present invention relates to the field of convenient login methods for LAN users, and more particularly to the field of passwordless login methods for enterprise-level intranet or LAN applications. Specifically, it is a passwordless login implementation method based on an enterprise-level intranet and extranet environment.
Background
With the development of national informatization and the Internet, the construction of information systems in large Chinese enterprises has begun to draw on useful experience from the Internet. Most websites require users to log in before reading, and for the user, having to remember an account and password for every website is very troublesome. The 4A or IAM systems in enterprises, as comprehensive unified-authentication solutions for domestic enterprises, have solved the problem of multiple accounts across multiple systems on the enterprise intranet and achieved unified identity authentication and authorization, but they still require users to authenticate with an account and password, and the login process itself has not been simplified. Therefore, to fundamentally solve practical problems such as password memorization and weak passwords, the present invention eliminates the password at the root, making conventional password login an alternative rather than the primary option.
Traditional websites generally store the user name and password, supplied through the site's registration fields, in the website server's data. At each login the user enters the user name and password, and the website server compares them to decide whether the user has permission to enter the site. Today, to ensure efficient operation of company systems and office automation, large enterprises generally build enterprise-level database application systems that run on a LAN. On the one hand this helps make enterprise office work automated, intelligent and efficient; at the same time it keeps the circulation of company information in a relatively secure state, preventing plaintext information from being hijacked or intercepted and reused.
Existing enterprise application systems still identify user permissions by combining a user name and password as the necessary condition for login authentication. The most obvious drawback of this approach is that it is the system's only authentication entry point: during peak access periods the number of visits is very large and the traffic pressure is huge, and the traditional password-entry method easily causes the system to stall, affecting login time. On the other hand, because the password and user name must be entered manually, they are very easily obtained and misused illegally through technical and non-technical means, for example leakage through interception or coercion. Meanwhile, for the security of user names and passwords, major application systems today generally prescribe field length and type, which also places high demands on people's memory.
The techniques in common use today are the following:
1) OpenID was one of the earliest proposals for passwordless login. Its idea is this: every address (URL) on the Internet points to a unique web page, which means that an address is unique. A user can therefore be identified by a URL. A website using OpenID does not ask the user to enter a "user name" but to enter a URL that represents their identity. That URL is then resolved, and if it is confirmed the user is allowed to log in, achieving "passwordless login". OpenID has two major drawbacks: first, it requires server-side support; second, representing identity with a URL is counter-intuitive and hard for ordinary users to understand. As a result it has never been widely adopted.
2) Third-party accounts. The advantage is that this is relatively intuitive and easily accepted by users; the drawback is that the site's own business thereafter depends to some degree on a third-party website. For example, many websites now use WeChat accounts for login; once WeChat fails, all of these websites are affected.
3) One-time login by email. When the user logs in, only an email address input box is shown. After the user enters an email address, the website sends a message to that address containing a login link. By clicking the link the user proves that they really are the owner of the mailbox and that the identity is valid, and login is achieved. The login link is valid for a period of time, but a cookie can keep the user logged in for a long time. If the cookie expires, another login link is sent to the user's mailbox. Because the whole authentication process is completed by email, it fully achieves "passwordless login", and the operation is natural and easy to understand. More importantly, it uses the existing email protocols and does not require new code to be deployed on the server side, so it has the best compatibility. Its main drawback is that the user has to check a mailbox as an extra step, which is somewhat cumbersome; it is also unsuitable where the user cannot open their email, for example when going online at a friend's home. Websites that use it therefore need to deploy a fallback login method.
Summary of the invention
The object of the invention is to provide a passwordless login implementation method based on an enterprise-level intranet and extranet environment, to solve the problems of existing login by user name and password: account passwords are cumbersome to remember, the login process requires manual input and is easily intercepted or coerced, security is questionable, and the approach is hard to promote and to access.
The invention performs access-permission authentication by scanning a QR code: the user can log in securely and access the enterprise intranet without typing in any identity information, access authentication is carried out by SQL pass-through via the isolation device, and both information encryption and channel encryption are applied, balancing the security of information access with convenience and speed in the login process.
To solve the above technical problems and achieve the intended technical effect, the invention is realized through the following technical solution.
First, before the solution adopted by the invention is explained, the terms and concepts it involves are described as follows:
Passwordless login: a login mode, distinct from the traditional login mode and realized for a specific application scenario, in which login authentication is completed without an account password; it does not refer to any one specific login implementation.
QR code: a QR code, also called QR Code (QR stands for Quick Response), is an encoding that has become very popular on mobile devices in recent years. It can store more information than a traditional bar code and can represent more data types, such as characters, digits, Japanese and Chinese.
SSO: Single Sign-On.
SSL: the SSL (Secure Sockets Layer) protocol and its successor TLS (Transport Layer Security) are security protocols that provide security and data integrity for network communication. TLS and SSL encrypt network connections at the transport layer to safeguard data transmission over the network, using data encryption to ensure that data is not intercepted or eavesdropped in transit. The SSL protocol has become a global standard; all major browsers and web server programs support it, and it can be activated by installing an SSL certificate.
SSL certificate: a server digital certificate conforming to the SSL protocol, issued by a trusted certificate authority (CA) after verifying the server's identity. Deployed on the server, it provides both website authentication and encrypted transmission.
SM4: a symmetric block cipher in which the plaintext, key and ciphertext are all 16 bytes and the encryption and decryption keys are the same. Encryption and decryption are carried out by a nonlinear iterative round function applied for 32 rounds, which comprises the nonlinear S-box transformation and a linear transformation composed of shifts and XORs.
A passwordless login implementation method based on an enterprise-level intranet and extranet environment uses a mobile electronic device capable of scanning QR codes to obtain, by scanning a QR code, the data of a specified enterprise intranet. It comprises a communication mobile electronic device with a code-scanning function that serves as the mobile terminal for user access, and an information extranet and an information intranet that communicate wirelessly with that electronic device:
The information extranet comprises a secure interaction platform that communicates with the electronic device over HTTPS, and an extranet identity-authority authentication module that exchanges data with the secure interaction platform; and
The information intranet comprises a database storing user information, and an intranet authentication-authority service module that exchanges data with the database and provides the intranet authentication service.
The method specifically comprises the following steps:
Step S100, using any communication mobile electronic device with a code-scanning function, scan the QR code information on the enterprise intranet server with the mobile app installed on the electronic device;
Step S200, read the login QR code of step S100 and obtain the information in the QR code; at the same time, the user information held in the app and the electronic device information are sent to the enterprise's mobile interaction platform using SM4 (the Chinese national commercial cipher algorithm) data encryption;
Step S300, the mobile interaction platform, based on the QR-code personal information submitted in the user terminal's request, first determines the user information and its ownership, establishing whether the QR code scanned in step S100 links directly to the intranet authentication service or to the extranet authentication service, and then performs routing-policy matching; the routing-policy matching consists of the intranet authentication service and the extranet authentication service together;
Step S310, if the QR code scanned in step S300 links to the extranet authentication service, then after the user's scan-login request is submitted, the extranet authority platform is requested to authenticate according to the routing policy of step S300;
Step S320, if the QR code scanned in step S300 links to the intranet authentication service, then after the user's scan-login request is submitted, the intranet database is accessed by SQL pass-through via the isolation device, as matched by the routing policy of step S300;
Step S330, the intranet authentication service completes the authentication service by parsing and reading the intranet database of step S320;
Step S400, if either the authentication of step S310 or that of steps S320-S330 succeeds, the intranet is logged in successfully; if authentication fails, the app of step S100 displays an error message and the login fails.
Preferably, step S100 also includes an app user registration and binding step, specifically:
Step S110, the electronic device downloads and installs the app used for enterprise scan login;
Step S120, open the app and choose one of two options: complete registration by using the app to scan the intranet registration service's QR code for identity binding, or register and bind the user information directly through the intranet registration service page;
Step S130, while the information is being submitted, the information intranet sends text verification information to the electronic device for registration verification;
Step S140, the user passes verification by entering the text verification information obtained in step S130, and a binding is generated in the app with the user information stored in the information intranet database.
Preferably, the electronic device includes a mobile phone.
Preferably, the extranet authentication service of step S310 is specifically:
Step S311, the electronic device scans the QR code linking to the extranet authentication service and sends the user information over HTTPS to the secure interaction platform, which handles the information-processing request scanned by the electronic device through the app;
Step S312, the secure interaction platform sends the processing request to the mobile interaction platform, which sends it on to the extranet authority platform according to the request type;
Step S313, after the extranet authority platform receives the authentication request, the request is converted into SQL data by the isolation device and sent to the intranet database, where the login permission of the request is compared and determined.
Preferably, the isolation device is a SysKeeper-2000 forward-type network security isolation device.
Preferably, the intranet authentication service of step S320 is specifically:
Step S321, when the user scans the intranet QR code, the user data is temporarily stored in the built-in SQLite database, the login request is looked up in the SQLite database, and the login request is stored encrypted with SM4;
Step S322, the service interface provided to the app is accessed from the electronic device, and the data accessed by the app uses SSL channel encryption and reaches the intranet database by SQL pass-through via the isolation device.
Preferably, the user information includes the electronic device code, user name, avatar, gesture and access records.
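The routing and comparison described in steps S300 to S400, as an added example that is not code from the patent. The QR payload format (`svc=...`), the `bindings` table, the sample user and every function name are assumptions made for illustration; an in-memory SQLite database stands in for the intranet database, and the request crosses the "isolation device" only as one fixed statement with bound parameters.

```python
import sqlite3

# The only statement this sketch lets cross the isolation boundary.
# Request values are bound as parameters and never spliced into SQL text.
BINDING_QUERY = "SELECT 1 FROM bindings WHERE user_name = ? AND device_code = ?"

# Hops per route, taken from steps S311-S313 (extranet) and S320-S322 (intranet).
ROUTES = {
    "extranet": ("secure interaction platform", "mobile interaction platform",
                 "extranet authority platform", "isolation device",
                 "intranet database"),
    "intranet": ("mobile interaction platform", "isolation device",
                 "intranet database"),
}


def make_intranet_db():
    """Constructed stand-in for the intranet database holding S140 bindings."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE bindings (user_name TEXT, device_code TEXT, "
               "PRIMARY KEY (user_name, device_code))")
    # Constructed sample row: one user bound to one device code.
    db.execute("INSERT INTO bindings VALUES (?, ?)", ("zhang.wei", "DEV-0001"))
    return db


def parse_qr(payload):
    """Parse the hypothetical 'key=value;key=value' QR content into a dict."""
    if not isinstance(payload, str):
        raise ValueError("QR payload must be text")
    fields = {}
    for part in payload.split(";"):
        key, sep, value = part.partition("=")
        if not sep or not key or key in fields:
            raise ValueError("malformed QR payload")
        fields[key] = value
    return fields


def query_through_isolation(db, user_name, device_code):
    """Compare the request against stored bindings (S313 / S330)."""
    values = (user_name, device_code)
    if not all(isinstance(v, str) and 0 < len(v) <= 64 for v in values):
        return False
    return db.execute(BINDING_QUERY, values).fetchone() is not None


def login(db, qr_payload, request):
    """S300 routing, S310/S320 authentication, S400 result. Fails closed."""
    try:
        service = parse_qr(qr_payload)["svc"]
    except (ValueError, KeyError):
        return {"ok": False, "route": None, "hops": (),
                "message": "unreadable QR code"}
    hops = ROUTES.get(service)
    if hops is None:
        # A QR code naming neither service is rejected, not defaulted.
        return {"ok": False, "route": None, "hops": (),
                "message": "unknown authentication service"}
    ok = query_through_isolation(db, request.get("user_name"),
                                 request.get("device_code"))
    return {"ok": ok, "route": service, "hops": hops,
            "message": "login succeeded" if ok else "login failed"}


if __name__ == "__main__":
    demo_db = make_intranet_db()
    demo_request = {"user_name": "zhang.wei", "device_code": "DEV-0001"}
    print(login(demo_db, "svc=extranet", demo_request))
    print(login(demo_db, "svc=partner", demo_request))
```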
Compared with the prior art, the invention has the following advantages and beneficial effects:
(1) By using QR-code recognition for login, the invention avoids authenticating traditional enterprise intranet logins by entering an account and password. Because permissions are extremely important within an enterprise, the security of accounts on a unified authentication platform is particularly important; the traditional method of entering an account and password is not only slower to access but is also easily leaked through non-technical means (request interception, coercion).
(2) The invention avoids the traditional enterprise intranet login authentication by user name and password, in which accounts are entered manually, in particular complex passwords with a certain length requirement, which are hard to remember; complex account passwords bring users considerable memorization difficulty.
(3) The invention has good extensibility. With a QR code as the carrier of permission information, different personnel and different departments can have different security levels, which provides the necessary conditions for an extensible design that interfaces with other passwordless authentication methods such as fingerprint, face recognition and iris.
Brief description of the drawings
Fig. 1 is a schematic diagram of the operating principle of Embodiment 1 of the invention;
Fig. 2 is a schematic diagram of the operating principle of Embodiment 2.
Detailed description of the embodiments
The invention is described in further detail below with reference to its preferred embodiments, but the embodiments of the invention are not limited to these.
Embodiment 1:
For the SM4 algorithm defined above: in addition to the 256-byte S-box, two further sets of parameters, FK and CK, are defined (for the specific values, refer to the national cryptography administration's website). The basic procedure is as follows: the 16-byte key is first divided into four groups of 4 bytes each, and the key schedule then generates 32 round keys of 4 bytes each; the 16 bytes of input data are likewise divided into four groups of 4 bytes and then processed in a loop (in this respect it is similar to the AES algorithm). Below is a simple encryption demo flow.
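The patent's own demo flow does not appear on this page. The following is an added example, not the patent's program, that implements the SM4 procedure just described for a single 16-byte block: key split into four words, a 32-entry round-key schedule using FK and CK, then 32 rounds over the data words. The function names are this example's own; the S-box, FK and CK formula are the standard SM4 constants.

```python
# SM4 on one 16-byte block, pure Python (added example).
SBOX = bytes.fromhex(
    "d690e9fecce13db716b614c228fb2c05"
    "2b679a762abe04c3aa44132649860699"
    "9c4250f491ef987a33540b43edcfac62"
    "e4b31ca9c908e89580df94fa758f3fa6"
    "4707a7fcf37317ba83593c19e6854fa8"
    "686b81b27164da8bf8eb0f4b70569d35"
    "1e240e5e6358d1a225227c3b01217887"
    "d40046579fd327524c3602e7a0c4c89e"
    "eabf8ad240c738b5a3f7f2cef96115a1"
    "e0ae5da49b341a55ad933230f58cb1e3"
    "1df6e22e8266ca60c02923ab0d534e6f"
    "d5db3745defd8e2f03ff6a726d6c5b51"
    "8d1baf92bbddbc7f11d95c411f105ad8"
    "0ac13188a5cd7bbd2d74d012b8e5b4b0"
    "8969974a0c96777e65b9f109c56ec684"
    "18f07dec3adc4d2079ee5f3ed7cb3948"
)
FK = (0xA3B1BAC6, 0x56AA3350, 0x677D9197, 0xB27022DC)
# CK[i] is the 32-bit word whose bytes are (4*i + j) * 7 mod 256 for j = 0..3.
CK = tuple(
    int.from_bytes(bytes(((4 * i + j) * 7) % 256 for j in range(4)), "big")
    for i in range(32)
)


def rol(x, n):
    """Rotate a 32-bit word left by n bits."""
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF


def tau(x):
    """Nonlinear step: apply the S-box to each of the four bytes."""
    return int.from_bytes(bytes(SBOX[b] for b in x.to_bytes(4, "big")), "big")


def t_round(x):
    """Round transform T: S-box, then the linear map L (shifts and XORs)."""
    b = tau(x)
    return b ^ rol(b, 2) ^ rol(b, 10) ^ rol(b, 18) ^ rol(b, 24)


def t_key(x):
    """Key-schedule transform T': S-box, then the linear map L'."""
    b = tau(x)
    return b ^ rol(b, 13) ^ rol(b, 23)


def words(block):
    """Split 16 bytes into four big-endian 32-bit words."""
    if len(block) != 16:
        raise ValueError("SM4 keys and blocks are exactly 16 bytes")
    return [int.from_bytes(block[i:i + 4], "big") for i in range(0, 16, 4)]


def expand_key(key):
    """Derive the 32 round keys (4 bytes each) from the 16-byte key."""
    k = [w ^ fk for w, fk in zip(words(key), FK)]
    for i in range(32):
        k.append(k[i] ^ t_key(k[i + 1] ^ k[i + 2] ^ k[i + 3] ^ CK[i]))
    return k[4:]


def crypt_block(block, round_keys):
    """Run the 32 rounds, then output the last four words in reverse order."""
    x = words(block)
    for rk in round_keys:
        x.append(x[-4] ^ t_round(x[-3] ^ x[-2] ^ x[-1] ^ rk))
    return b"".join(w.to_bytes(4, "big") for w in reversed(x[-4:]))


def encrypt_block(key, block):
    return crypt_block(block, expand_key(key))


def decrypt_block(key, block):
    # Decryption is the same structure with the round keys reversed.
    return crypt_block(block, expand_key(key)[::-1])


if __name__ == "__main__":
    sample = bytes.fromhex("0123456789abcdeffedcba9876543210")
    ciphertext = encrypt_block(sample, sample)
    print(ciphertext.hex())
    print(decrypt_block(sample, ciphertext) == sample)
```

This handles exactly one 16-byte block; the page does not say which mode of operation or padding the app applies to longer login payloads.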
As shown in Fig. 1, a passwordless login implementation method based on an enterprise-level intranet and extranet environment uses a mobile electronic device capable of scanning QR codes to obtain, by scanning a QR code, the data of a specified enterprise intranet. It comprises a communication mobile electronic device with a code-scanning function that serves as the mobile terminal for user access, and an information extranet and an information intranet that communicate wirelessly with that electronic device:
The information extranet comprises a secure interaction platform that communicates with the electronic device over HTTPS, and an extranet identity-authority authentication module that exchanges data with the secure interaction platform; and
The information intranet comprises a database storing user information, and an intranet authentication-authority service module that exchanges data with the database and provides the intranet authentication service.
The method specifically comprises the following steps:
Step S100, using any communication mobile electronic device with a code-scanning function, scan the QR code information on the enterprise intranet server with the mobile app installed on the electronic device. In this embodiment, step S100 also includes an app user registration and binding step, specifically:
Step S110, the electronic device downloads and installs the app used for enterprise scan login;
Step S120, open the app and choose one of two options: complete registration by using the app to scan the intranet registration service's QR code for identity binding, or register and bind the user information directly through the intranet registration service page;
Step S130, while the information is being submitted, the information intranet sends text verification information to the electronic device for registration verification;
Step S140, the user passes verification by entering the text verification information obtained in step S130, and a binding is generated in the app with the user information stored in the information intranet database.
Step S200, read the login QR code of step S100 and obtain the information in the QR code; at the same time, the user information held in the app and the electronic device information are sent to the enterprise's mobile interaction platform using SM4 (the Chinese national commercial cipher algorithm) data encryption;
Step S300, the mobile interaction platform, based on the QR-code personal information submitted in the user terminal's request, first determines the user information and its ownership, establishing whether the QR code scanned in step S100 links directly to the intranet authentication service or to the extranet authentication service, and then performs routing-policy matching; the routing-policy matching consists of the intranet authentication service and the extranet authentication service together;
Step S310, if the QR code scanned in step S300 links to the extranet authentication service, then after the user's scan-login request is submitted, the extranet authority platform is requested to authenticate according to the routing policy of step S300. The extranet authentication service of step S310 is specifically:
Step S311, the electronic device scans the QR code linking to the extranet authentication service and sends the user information over HTTPS to the secure interaction platform, which handles the information-processing request scanned by the electronic device through the app;
Step S312, the secure interaction platform sends the processing request to the mobile interaction platform, which sends it on to the extranet authority platform according to the request type;
Step S313, after the extranet authority platform receives the authentication request, the request is converted into SQL data by the isolation device and sent to the intranet database, where the login permission of the request is compared and determined.
Step S400, if the authentication of step S310 succeeds, the intranet is logged in successfully; if authentication fails, the app of step S100 displays an error message and the login fails.
In this embodiment, the electronic device includes a mobile phone.
In this embodiment, the isolation device is a SysKeeper-2000 forward-type network security isolation device.
In this embodiment, the user information includes the electronic device code, user name, avatar, gesture and access records.
In this embodiment, the SM4 algorithm flow is as follows. Those skilled in the art should understand, however, that the SM4 algorithm is already prior art; the following flow program is provided only to aid understanding, and the actual encryption algorithm may be implemented by various programs equivalent to the following flow, specifically as follows:
Embodiment 2:
With reference to Figure 2, a password-free login method for an enterprise intranet and extranet environment uses a mobile electronic device with a QR-code scanning function to scan a QR code and thereby obtain data from a specified enterprise intranet. It comprises a communication-capable mobile electronic device with a code-scanning function, serving as the mobile terminal through which the user gains access, and an information extranet and an information intranet that communicate wirelessly with the electronic device:
The information extranet includes a secure interaction platform that communicates with the electronic device over HTTPS, and an extranet identity and permission authentication module that exchanges data with the secure interaction platform; and
The information intranet includes a database storing user information, and an intranet authentication and authorization service module that exchanges data with the database and provides the intranet authentication service;
The method specifically includes the following steps:
Step S100, using any communication-capable mobile electronic device with a code-scanning function, scan the QR code information on the enterprise intranet server with the mobile app installed on the electronic device. In this embodiment, step S100 also includes an app user registration and binding step, which specifically includes:
Step S110, the electronic device downloads and installs the app used for enterprise scan-to-log-in;
Step S120, open the app and choose one of two ways: either scan, with the app, the QR code of the intranet registration service used for identity binding to complete registration, or register and bind the user information directly through the intranet registration service page;
Step S130, while the information is being submitted, the information intranet sends a text verification message to the electronic device for registration verification;
Step S140, the user passes verification by entering the text verification message obtained in step S130, and user information bound to the user information stored in the information intranet database is generated in the app.
Step S200, log in using the QR code of step S100 and obtain the information in the QR code; at the same time, the electronic device sends the user information injected into the app, together with the electronic device information, to the enterprise's mobile interaction platform, encrypted with the national commercial cipher algorithm SM4;
Step S300, based on the QR code personal information submitted in the user terminal's request, the mobile interaction platform first judges the user information and ownership to determine whether the QR code scanned in step S100 links directly to the intranet authentication service or to the extranet authentication service, and then performs routing policy matching; the routing policy matching is made up of the intranet authentication service and the extranet authentication service together;
Step S320, if the QR code scanned in step S300 links to the intranet authentication service, then after the user's scan login request is submitted, the routing policy match of step S300 causes the intranet database to be accessed by SQL pass-through via the isolation device;
Step S330, the intranet authentication service completes authentication by reading and parsing the intranet database described in step S320;
Step S400, if the authentication of steps S320-S330 succeeds, login to the intranet succeeds; if authentication fails, the app described in step S100 displays an error message and the login fails.
In this embodiment, the electronic device includes a mobile phone.
In this embodiment, the isolation device is a SysKeeper-2000 network security isolation device of the forward type.
In this embodiment, the intranet authentication service of step S320 is specifically:
Step S321, when the user scans an intranet QR code, the user data information is stored temporarily in a built-in SQLite database, the login request is queried in the SQLite database, and the login request is stored encrypted with SM4;
Step S322, the electronic device accesses the service interface provided to the app, and the data accessed by the app is sent over an SSL-encrypted channel and reaches the intranet database by SQL pass-through via the isolation device.
In this embodiment, the user information includes the electronic device code, user name, avatar, gesture, and access records.
In this embodiment, the SM4 algorithm flow is the same as the SM4 algorithm flow described in Embodiment 1 and is not repeated here.
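An added sketch of steps S300-S400 (not code from the patent): the mobile interaction platform routes the scanned QR code to the intranet or extranet authentication service, then compares the submitted user and device binding against the intranet database. The host names, the `session` parameter, the `bound_users` table and the single parameterized lookup are assumptions; SM4 and HTTPS transport encryption are omitted.

```python
import sqlite3
from urllib.parse import urlparse, parse_qs

# Assumed routing policy (hypothetical hosts): QR link host -> authentication service.
ROUTING_POLICY = {
    "auth.intranet.example": "intranet",
    "auth.extranet.example": "extranet",
}

# Assumption: this is the only statement forwarded across the isolation device.
# Submitted values travel as bound parameters, never as SQL text.
LOOKUP_SQL = "SELECT 1 FROM bound_users WHERE user_name = ? AND device_code = ?"


def make_intranet_db():
    """Constructed stand-in for the intranet database holding registered bindings."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE bound_users (user_name TEXT, device_code TEXT)")
    db.execute("INSERT INTO bound_users VALUES ('alice', 'DEV-001')")
    return db


def route_qr(qr_text):
    """Step S300: decide which authentication service the scanned QR code links to."""
    url = urlparse(qr_text)
    service = ROUTING_POLICY.get(url.hostname or "")
    session = parse_qs(url.query).get("session", [""])[0]
    if url.scheme != "https" or service is None or not session.isalnum():
        raise ValueError("QR code does not link to a known authentication service")
    return service, session


def query_through_isolation(db, user_name, device_code):
    """Steps S313/S320: the isolation device forwards one fixed, parameterized query."""
    return db.execute(LOOKUP_SQL, (user_name, device_code)).fetchone() is not None


def handle_login(db, qr_text, user_name, device_code):
    """Steps S300-S400 on the mobile interaction platform; returns a result dict."""
    try:
        service, session = route_qr(qr_text)
    except ValueError as exc:
        # Unroutable QR codes are rejected before any SQL reaches the intranet.
        return {"ok": False, "service": None, "message": str(exc)}
    # Both branches end in a comparison against the intranet database; the
    # extranet branch reaches it via the extranet authority platform (S311-S313).
    ok = query_through_isolation(db, user_name, device_code)
    message = "login successful" if ok else "authentication failed"
    return {"ok": ok, "service": service, "session": session, "message": message}


if __name__ == "__main__":
    db = make_intranet_db()
    qr = "https://auth.intranet.example/login?session=abc123"  # constructed sample
    print(handle_login(db, qr, "alice", "DEV-001"))
    print(handle_login(db, qr, "alice", "DEV-999"))
```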
The above is only a preferred embodiment of the present invention and does not limit the invention in any form; any simple modification or equivalent variation made to the above embodiment in accordance with the technical essence of the invention falls within the scope of protection of the invention.
Claims (7)
1. A password-free login method for an enterprise intranet and extranet environment, in which a mobile electronic device with a QR-code scanning function scans a QR code to obtain user identity data from a specified enterprise intranet, characterized in that it comprises a communication-capable mobile electronic device with a code-scanning function, serving as the mobile terminal through which the user gains access, and an information extranet and an information intranet that communicate wirelessly with the electronic device:
The information extranet includes a secure interaction platform that communicates with the electronic device over HTTPS, and an extranet identity and permission platform authentication module that exchanges data with the secure interaction platform; and
The information intranet includes a database storing user information; the intranet and extranet perform SQL pass-through via the enterprise firewall isolation device; and an intranet authentication and authorization service module exchanges data with the intranet database and provides the intranet authentication service;
The method specifically includes the following steps:
Step S100, using any communication-capable mobile electronic device with a code-scanning function, scan the QR code information on the enterprise intranet server with the mobile app installed on the electronic device;
Step S200, log in using the QR code of step S100 and obtain the information in the QR code; at the same time, the electronic device sends the user information injected into the app, together with the electronic device information, to the enterprise's mobile interaction platform, encrypted with the national commercial cipher algorithm SM4;
Step S300, based on the QR code personal information submitted in the user terminal's request, the mobile interaction platform first judges the user information and ownership to determine whether the QR code scanned in step S100 links directly to the intranet authentication service or to the extranet authentication service, and then performs routing policy matching; the routing policy matching is made up of the intranet authentication service and the extranet authentication service together;
Step S310, if the QR code scanned in step S300 links to the extranet authentication service, then after the user's scan login request is submitted, the extranet authority platform is requested to authenticate according to the routing policy of step S300;
Step S320, if the QR code scanned in step S300 links to the intranet authentication service, then after the user's scan login request is submitted, the routing policy match of step S300 causes the intranet database to be accessed by SQL pass-through via the isolation device;
Step S330, the intranet authentication service completes authentication by reading and parsing the intranet database described in step S320;
Step S400, if either authentication, that of step S310 or that of steps S320-S330, succeeds, login to the intranet succeeds; if authentication fails, the app described in step S100 displays an error message and the login fails.
2. The password-free login method for an enterprise intranet and extranet environment according to claim 1, characterized in that step S100 also includes an app user registration and binding step, which specifically includes:
Step S110, the electronic device downloads and installs the app used for enterprise scan-to-log-in;
Step S120, open the app and choose one of two ways: either scan, with the app, the QR code of the intranet registration service used for identity binding to complete registration, or register and bind the user information directly through the intranet registration service page;
Step S130, while the information is being submitted, the information intranet sends a text verification message to the electronic device for registration verification;
Step S140, the user passes verification by entering the text verification message obtained in step S130, and user information bound to the user information stored in the information intranet database is generated in the app.
3. The password-free login method for an enterprise intranet and extranet environment according to claim 1 or 2, characterized in that the electronic device includes a mobile phone.
4. The password-free login method for an enterprise intranet and extranet environment according to claim 1, characterized in that the extranet authentication service of step S310 is specifically:
Step S311, the electronic device scans the QR code linking to the extranet authentication service and transmits the user information over HTTPS to the secure interaction platform, which handles the information-processing request that the electronic device scanned via the app;
Step S312, the secure interaction platform sends the processing request to the mobile interaction platform, which forwards it to the extranet authority platform according to the request type;
Step S313, after receiving the authentication request, the extranet authority platform uses the isolation device to convert the request into SQL data and send it to the intranet database, where the login permission of the request is compared and determined.
5. The password-free login method for an enterprise intranet and extranet environment according to claim 1 or 4, characterized in that the isolation device is a SysKeeper-2000 network security isolation device of the forward type.
6. The password-free login method for an enterprise intranet and extranet environment according to claim 1 or 5, characterized in that the intranet authentication service of step S320 is specifically:
Step S321, when the user scans an intranet QR code, the user data information is stored temporarily in a built-in SQLite database, the login request is queried in the SQLite database, and the login request is stored encrypted with SM4;
Step S322, the electronic device accesses the service interface provided to the app, and the data accessed by the app is sent over an SSL-encrypted channel and reaches the intranet database by SQL pass-through via the isolation device.
7. The password-free login method for an enterprise intranet and extranet environment according to any one of claims 1, 2 and 4, characterized in that the user information includes the electronic device code, user name, avatar, gesture, and access records.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710790919.9A CN107733861A (en) | 2017-09-05 | 2017-09-05 | It is a kind of based on enterprise-level intranet and extranet environment without password login implementation method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107733861A true CN107733861A (en) | 2018-02-23 |
Family
ID=61205778
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710790919.9A Pending CN107733861A (en) | 2017-09-05 | 2017-09-05 | It is a kind of based on enterprise-level intranet and extranet environment without password login implementation method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107733861A (en) |
Cited By (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108377244A (en) * | 2018-02-26 | 2018-08-07 | 云南维者科技有限公司 | A kind of Intranet uniform authentication method |
CN108667813A (en) * | 2018-04-18 | 2018-10-16 | 珠海横琴盛达兆业科技投资有限公司 | Net system method in a kind of login based on small routine |
CN110688637A (en) * | 2019-09-29 | 2020-01-14 | 广州大白互联网科技有限公司 | Authentication method and authentication system between internal and external network devices |
CN110866243A (en) * | 2019-10-25 | 2020-03-06 | 北京达佳互联信息技术有限公司 | Login authority verification method, device, server and storage medium |
CN111049880A (en) * | 2019-10-24 | 2020-04-21 | 国网山东省电力公司 | Internal and external network data transmission method and system based on mobile training terminal |
CN111193708A (en) * | 2019-11-29 | 2020-05-22 | 云深互联(北京)科技有限公司 | Code scanning login method and device based on enterprise browser |
CN112258103A (en) * | 2020-09-27 | 2021-01-22 | 北京云杉世界信息技术有限公司 | Method for accessing and monitoring environmental data of fresh and frozen product warehouse |
CN112565198A (en) * | 2020-11-11 | 2021-03-26 | 浪潮电子信息产业股份有限公司 | Secret-free login method and device, electronic equipment and storage medium |
CN112580018A (en) * | 2019-09-29 | 2021-03-30 | 北京国双科技有限公司 | User management mode switching method and device |
CN112948800A (en) * | 2021-02-26 | 2021-06-11 | 北京北大千方科技有限公司 | Two-dimensional code login annunciator management platform method, device, equipment and medium |
CN114080004A (en) * | 2020-08-19 | 2022-02-22 | 阿里巴巴集团控股有限公司 | Private network access method and device |
CN114285603A (en) * | 2021-12-01 | 2022-04-05 | 浪潮软件股份有限公司 | Method for logging in website based on gesture password mode |
CN114338204A (en) * | 2021-12-30 | 2022-04-12 | 中国电信股份有限公司 | Method, electronic device and medium for login verification of public network communication platform for intranet |
CN114978709A (en) * | 2022-05-24 | 2022-08-30 | 成都市第三人民医院 | Lightweight unified security authentication system and method for medical application |
CN114978588A (en) * | 2022-04-12 | 2022-08-30 | 湖北华特信息技术有限公司 | Verification method and system based on optical one-way information transmission |
CN116132141A (en) * | 2022-12-30 | 2023-05-16 | 中国人寿保险股份有限公司上海数据中心 | System and method for integrating office mail system and multiple identity authentication modes |
CN116506237A (en) * | 2023-06-30 | 2023-07-28 | 深圳市今天国际物流技术股份有限公司 | Remote identity verification and transmission method completely off-line |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102685749A (en) * | 2012-05-30 | 2012-09-19 | 杭州师范大学 | Wireless safety authentication method orienting to mobile terminal |
CN105512900A (en) * | 2015-12-17 | 2016-04-20 | 厦门纳纬信息技术有限公司 | Product anti-counterfeiting authenticating and product quality tracking method |
CN106570751A (en) * | 2016-11-08 | 2017-04-19 | 南京擎天科技有限公司 | Export tax rebate reporting device based on code scanning entry and method thereof |
-
2017
- 2017-09-05 CN CN201710790919.9A patent/CN107733861A/en active Pending
Non-Patent Citations (1)
Title |
---|
彭永勇: "Research on key technologies for non-classified login based on enterprise intranet and extranet scenarios", 《信息与电脑》 * |
Cited By (23)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108377244A (en) * | 2018-02-26 | 2018-08-07 | 云南维者科技有限公司 | A kind of Intranet uniform authentication method |
CN108667813A (en) * | 2018-04-18 | 2018-10-16 | 珠海横琴盛达兆业科技投资有限公司 | Net system method in a kind of login based on small routine |
CN112580018A (en) * | 2019-09-29 | 2021-03-30 | 北京国双科技有限公司 | User management mode switching method and device |
CN110688637A (en) * | 2019-09-29 | 2020-01-14 | 广州大白互联网科技有限公司 | Authentication method and authentication system between internal and external network devices |
CN111049880A (en) * | 2019-10-24 | 2020-04-21 | 国网山东省电力公司 | Internal and external network data transmission method and system based on mobile training terminal |
CN110866243A (en) * | 2019-10-25 | 2020-03-06 | 北京达佳互联信息技术有限公司 | Login authority verification method, device, server and storage medium |
CN110866243B (en) * | 2019-10-25 | 2022-11-22 | 北京达佳互联信息技术有限公司 | Login authority verification method, device, server and storage medium |
CN111193708A (en) * | 2019-11-29 | 2020-05-22 | 云深互联(北京)科技有限公司 | Code scanning login method and device based on enterprise browser |
CN114080004B (en) * | 2020-08-19 | 2024-04-09 | 阿里巴巴集团控股有限公司 | Private network access method and device |
CN114080004A (en) * | 2020-08-19 | 2022-02-22 | 阿里巴巴集团控股有限公司 | Private network access method and device |
CN112258103A (en) * | 2020-09-27 | 2021-01-22 | 北京云杉世界信息技术有限公司 | Method for accessing and monitoring environmental data of fresh and frozen product warehouse |
CN112565198A (en) * | 2020-11-11 | 2021-03-26 | 浪潮电子信息产业股份有限公司 | Secret-free login method and device, electronic equipment and storage medium |
CN112948800A (en) * | 2021-02-26 | 2021-06-11 | 北京北大千方科技有限公司 | Two-dimensional code login annunciator management platform method, device, equipment and medium |
CN112948800B (en) * | 2021-02-26 | 2024-04-12 | 北京北大千方科技有限公司 | Two-dimensional code log-in annunciator management platform method, device, equipment and medium |
CN114285603A (en) * | 2021-12-01 | 2022-04-05 | 浪潮软件股份有限公司 | Method for logging in website based on gesture password mode |
CN114338204A (en) * | 2021-12-30 | 2022-04-12 | 中国电信股份有限公司 | Method, electronic device and medium for login verification of public network communication platform for intranet |
CN114338204B (en) * | 2021-12-30 | 2024-05-03 | 中国电信股份有限公司 | Method for login verification of public network communication platform in intranet, electronic equipment and medium |
CN114978588A (en) * | 2022-04-12 | 2022-08-30 | 湖北华特信息技术有限公司 | Verification method and system based on optical one-way information transmission |
CN114978709B (en) * | 2022-05-24 | 2023-06-27 | 成都市第三人民医院 | Lightweight unified security authentication method for medical application |
CN114978709A (en) * | 2022-05-24 | 2022-08-30 | 成都市第三人民医院 | Lightweight unified security authentication system and method for medical application |
CN116132141A (en) * | 2022-12-30 | 2023-05-16 | 中国人寿保险股份有限公司上海数据中心 | System and method for integrating office mail system and multiple identity authentication modes |
CN116506237A (en) * | 2023-06-30 | 2023-07-28 | 深圳市今天国际物流技术股份有限公司 | Remote identity verification and transmission method completely off-line |
CN116506237B (en) * | 2023-06-30 | 2023-09-22 | 深圳市今天国际物流技术股份有限公司 | Remote identity verification and transmission method completely off-line |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107733861A (en) | It is a kind of based on enterprise-level intranet and extranet environment without password login implementation method | |
JP5926441B2 (en) | Secure authentication in multi-party systems | |
CN101202753B (en) | Method and device for accessing plug-in connector applied system by client terminal | |
US8572712B2 (en) | Device independent authentication system and method | |
CN102655494B (en) | SAML (Security Assertion Markup Language)-based authentication platform designed in single log-in mode | |
CN104767731B (en) | A kind of Restful move transactions system identity certification means of defence | |
CN104283886B (en) | A kind of implementation method of the web secure access based on intelligent terminal local authentication | |
US20090307486A1 (en) | System and method for secured network access utilizing a client .net software component | |
US9122865B2 (en) | System and method to establish and use credentials for a common lightweight identity through digital certificates | |
CN105306211B (en) | A kind of identity identifying method of client software | |
CN103986584A (en) | Double-factor identity verification method based on intelligent equipment | |
CN108684041A (en) | The system and method for login authentication | |
CN108964885A (en) | Method for authenticating, device, system and storage medium | |
CN109618341A (en) | A kind of digital signature authentication method, system, device and storage medium | |
CN107122674A (en) | A kind of access method of oracle database applied to O&M auditing system | |
CN101986598B (en) | Authentication method, server and system | |
CN107872455A (en) | A kind of cross-domain single login system and its method | |
CN101448001A (en) | System for realizing WAP mobile banking transaction security control and method thereof | |
CN106230594B (en) | Method for user authentication based on dynamic password | |
CN103384198A (en) | User identity identification service method and system on basis of mailbox | |
US20240354396A1 (en) | Pre-registration of authentication devices | |
CN104469736B (en) | A kind of data processing method, server and terminal | |
CN105100093B (en) | A kind of identity authentication method and server | |
CN110071937A (en) | Login method, system and storage medium based on block chain | |
US20040083296A1 (en) | Apparatus and method for controlling user access |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
Application publication date: 20180223 |