CN111953711A - Communication authentication method based on security authentication mechanism - Google Patents
- Publication number
- CN111953711A (CN202010872948.1A)
- Authority
- CN
- China
- Prior art keywords
- user
- application
- mobile terminal
- network
- key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
- H04L63/166—Implementing security features at a particular protocol layer at the transport layer
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Telephonic Communication Services (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention provides a communication authentication method based on a security authentication mechanism, and relates to the field of communication authentication. A communication authentication method based on a security authentication mechanism comprises the following steps: receiving an access request of the mobile terminal through the server, and forwarding the access request to the network application; the server forwards the access request to the single sign-on application and associates a plurality of network applications through the single sign-on application; the single sign-on application establishes the same user ID for a plurality of associated network applications according to the access request, and the single sign-on application establishes a user key of the user ID for each network application respectively. The invention meets the requirements of mobile office work and solves the problems of low efficiency and low safety of the mobile office work.
Description
Technical Field
The invention relates to the field of communication authentication, in particular to a communication authentication method based on a security authentication mechanism.
Background
Because the systems of individual websites are relatively independent, each with its own page style and its own password authentication system, the user experience suffers. To address this, related technologies build a unified certificate center within a website group to provide Single Sign-On (SSO) authentication across all business websites. SSO implements a unified identity authentication system for all external websites, so that a client can use the services of the whole network by logging in at a single point, without multiple authentications.
In an enterprise, a user may typically have access to one or more different systems and applications. Each of these systems and applications may utilize different access control policies and require different credentials. This may require users to manage many different credentials for the systems and applications they often use, which results in password fatigue, wasted time entering and re-entering credentials, and additional IT resources for recovering and/or resetting lost credentials. Single sign-on (SSO) can provide a user with access to multiple systems and applications after an initial login (log-in). For example, when a user logs into their work computer, the user may then also have access to one or more other systems and applications.
Due to office security requirements, current SSO solutions are typically implemented using local area network based office area computers. Therefore, in the mobile office field, users cannot access network-based services at any time through mobile phones and tablets. Also, SSO can provide a single sign-on to several of a user's web applications while still requiring the user to manually log into other systems or applications, thus reducing the efficiency of mobile terminal access. There is a need for a communication authentication method that can improve the efficiency and security of mobile office work.
Disclosure of Invention
The invention aims to provide a communication authentication method based on a security authentication mechanism, which can improve the efficiency and the security of mobile office work.
The embodiment of the invention is realized by the following steps:
The embodiment of the application provides a communication authentication method based on a security authentication mechanism, which comprises the following steps: receiving an access request of a mobile terminal through a server, and forwarding the access request to a network application; the server forwards the access request to a single sign-on application, and associates a plurality of network applications through the single sign-on application; the single sign-on application establishes the same user ID for a plurality of associated network applications according to the access request, the single sign-on application establishes a user key of the user ID for each network application, and returns the user ID and the user key to the mobile terminal through the server, and the mobile terminal packages the access request through the user ID and the user key to generate a repeat request and sends the repeat request to the server; and the server forwards the repeated request to a plurality of associated network applications, and each network application acquires the user ID and the user key through the repeated request and successfully logs in the mobile terminal after passing the verification.
In some embodiments of the present invention, the server obtains the user ID through the repeat request, updates the user keys of the plurality of associated network applications and the respective network applications according to the user ID, and forwards the updated user ID and the updated user key to the plurality of associated network applications, and returns the updated user ID and the updated user key to the mobile terminal.
In some embodiments of the present invention, the single sign-on application establishes a different user key for each of the network applications.
In some embodiments of the present invention, the mobile terminal generates the repeat request by packaging one or more user keys.
In some embodiments of the present invention, the access request includes identity authentication information of the mobile terminal.
In some embodiments of the present invention, the authentication information includes any one or more of a TCP/IP protocol, an SSL protocol, a device public key, a device private key, a session key, and a digital signature.
In some embodiments of the present invention, the user ID is generated according to the identity authentication information.
In some embodiments of the present invention, the user key of each of the network applications is generated according to the identity authentication information.
In some embodiments of the present invention, the user key of each of the network applications is generated by using different hash algorithms according to the device public key, the device private key, or the session key.
In some embodiments of the invention, the single sign-on application is a JavaScript application.
Compared with the prior art, the embodiment of the invention has at least the following advantages or beneficial effects:
A communication authentication method based on a security authentication mechanism comprises the following steps: receiving an access request of a mobile terminal through a server, and forwarding the access request to a network application; the server forwards the access request to a single sign-on application, and associates a plurality of network applications through the single sign-on application; the single sign-on application establishes the same user ID for a plurality of related network applications according to the access request, the single sign-on application establishes a user key of the user ID for each network application, and returns the user ID and the user key to the mobile terminal through the server, and the mobile terminal packages the user ID and the user key to generate a repeat request and sends the repeat request to the server; and the server forwards the repeated request to a plurality of associated network applications, and each network application acquires the user ID and the user key through the repeated request and successfully logs in the mobile terminal after passing the verification.
The embodiment of the invention receives the access request of the mobile terminal through the server, thereby facilitating people to remotely send the access request of the network application through a mobile phone or other mobile terminals at any time and meeting the requirements of mobile office; the server forwards the access request to the network application, so that the mobile terminal can access the network application; the server forwards the access request to the single sign-on application, and associates a plurality of network applications through the single sign-on application, so that the access right of the mobile terminal to the plurality of network applications can be conveniently set; the single sign-on application establishes the same user ID for a plurality of associated network applications according to an access request sent by the mobile terminal, the single sign-on application establishes a user key of the user ID for each network application respectively, and returns the user ID and the user key to the mobile terminal through the server, so that the mobile terminal takes the user ID and the user key as a certificate for accessing the associated network applications again, the efficiency of accessing the plurality of network applications by the mobile terminal is improved, and high-efficiency office work is facilitated; the mobile terminal generates a repeat request by packaging the user ID and the user key and sends the repeat request to the server, so that the user ID and the user key are used as the credentials of the accessed network application, the access rights of the associated network applications are further acquired, and the safety of mobile office is improved; the server directly forwards the repeated request to the associated network applications without verifying whether the mobile terminal has the authority of different network applications, so that the problems of access failure and time delay of the mobile terminal are solved; and each network application acquires the user ID and the user key through repeated requests, and the mobile terminal is successfully logged in after verification is passed, so that the communication safety of mobile office is improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present invention and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained according to the drawings without inventive efforts.
Fig. 1 is a flowchart illustrating a communication authentication method based on a security authentication mechanism according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. The components of the embodiments of the present application, generally described and illustrated in the figures herein, can be arranged and designed in a wide variety of different configurations.
Thus, the following detailed description of the embodiments of the present application, presented in the accompanying drawings, is not intended to limit the scope of the claimed application, but is merely representative of selected embodiments of the application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
It should be noted that, in this document, the term "comprises" or any other variation thereof is intended to cover a non-exclusive inclusion, so that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but also other elements not expressly listed or inherent to such process, method, article, or apparatus.
Some embodiments of the present application will be described in detail below with reference to the accompanying drawings. The embodiments described below and the individual features of the embodiments can be combined with one another without conflict.
Examples
Referring to fig. 1, fig. 1 is a schematic flowchart illustrating a communication authentication method based on a security authentication mechanism according to an embodiment of the present disclosure. The communication authentication method based on the security authentication mechanism comprises the following steps: receiving an access request of a mobile terminal through a server, and forwarding the access request to the network application; the server forwards the access request to a single sign-on application, and associates a plurality of network applications through the single sign-on application; the single sign-on application establishes the same user ID for a plurality of related network applications according to the access request, the single sign-on application establishes a user key of the user ID for each network application, and returns the user ID and the user key to the mobile terminal through the server, and the mobile terminal packages the user ID and the user key to generate a repeat request and sends the repeat request to the server; and the server forwards the repeated request to a plurality of associated network applications, and each network application acquires the user ID and the user key through the repeated request and successfully logs in the mobile terminal after passing the verification.
In detail, the server receives an access request of the mobile terminal through network communication and forwards the access request to the network application. Optionally, the number of the network applications is multiple, and the server analyzes the network application to be accessed according to the access request, so as to forward the access request to the network application. The network application can log in the client by verifying the information of the access request.
In detail, the server forwards the access request to the single sign-on application, and associates a plurality of network applications through the single sign-on application. The server forwards the access request to the single sign-on application, so that the single sign-on application acquires the network application accessed by the client according to the access request. The single sign-on application is configured to associate a plurality of web applications, wherein each web application may associate a plurality of other web applications. Optionally, the plurality of network applications may be associated with other network applications according to the network application accessed by the client. Optionally, the single sign-on application associates multiple network applications, and the sequence of the two steps of forwarding the access request to the single sign-on application by the server can be exchanged, so that the single sign-on application associates the multiple network applications in advance, and is convenient to set access permissions of the associated network applications according to different networks accessed by the mobile terminal, so that different security permissions are established according to different mobile terminals, and the office safety is further improved. Optionally, the single sign-on application divides the plurality of web applications into a plurality of groups and associates with each other, wherein the single sign-on application may represent each group of web applications by a different label. Optionally, after the mobile terminal successfully logs into the web application, the server may forward the access request to the single-sign-on client application, such that the single-sign-on application establishes the user ID and the user key based on the plurality of access applications associated with the mobile terminal successfully accessing the web application.
In detail, the single sign-on application establishes the same user ID for a plurality of associated network applications according to the access request, so that the single sign-on application establishes the user ID according to the access request of the client. In detail, the single sign-on application establishes a user key of a user ID for each network application, respectively, where the user ID matches with the user key of each network application, and the user keys of the network applications may be set to be the same or different. The server returns the user ID and the user key to the mobile terminal, so that the user ID is used as identity authentication of the mobile terminal accessing the network application, and the user ID is used as access credentials for accessing the associated different network applications. Optionally, the single sign-on application searches for the network application that the mobile terminal has accessed through the user ID, so as to determine whether the network application that the mobile terminal currently accesses is associated with the network application that has accessed, where the network application that is currently accessed is obtained through an access request sent by the mobile terminal. Optionally, the server obtains login permissions of all the network applications through the single sign-on application, so that the client logs in each network application according to the user ID and the user key of the client. Optionally, the user ID and the user key that are established by the single sign-on application for the client are respectively registered through each network application, so as to obtain the login permission of each network application, wherein the registration can be performed according to the user ID and the user key, and the registration can also be performed through a newly-established account. 
Optionally, the single sign-on application or the network application judges whether the mobile terminal has the authority of the currently accessed network application according to the user key, so as to verify the access authority of the client.
In detail, the mobile terminal packages a user ID and a user key to generate a repeat request, and transmits the repeat request to the server. The server obtains the network application to be accessed by the mobile terminal from the repeat request. The user ID and the user key are acquired from the repeat request, and the one or more network applications associated with the network applications accessed by the user are thereby obtained through the user ID.
In detail, the server forwards the repeat request to a plurality of associated network applications, and each network application acquires the user ID and the user key through the repeat request and provides the mobile terminal with successful login after verification passes. Optionally, the server parses the network application to be accessed according to the repeat request, so as to forward the repeat request to the network application. Optionally, the server obtains the user ID according to the repeated request, so as to obtain the network application that the mobile terminal has accessed according to the user ID, and further obtain the associated multiple network applications through the single sign-on application, and forward the associated multiple network applications to the mobile terminal, so that the mobile terminal can log in each network application successfully. And each network application authenticates the client through the user ID and the user key, so that the client logs in after the authentication is passed.
In some embodiments of the present invention, the server obtains the user ID through the repeat request, updates the user keys of the plurality of associated network applications and the respective network applications according to the user ID, and forwards the updated user ID and the updated user key to the plurality of associated network applications, and returns the updated user ID and the updated user key to the mobile terminal.
Optionally, the server stores and updates the web applications accessed by the different clients according to the user IDs by using the access database. Optionally, the server stores, through an association database, the user IDs of the different clients and the plurality of network applications associated with the accessed network applications, and updates the plurality of network applications associated in the association database according to the different network applications accessed by the mobile terminal each time. The server can search a plurality of associated network applications according to the user ID of the mobile terminal by using the association database, so that the repeated request is forwarded to each network application. Alternatively, the server stores and updates the user key based on the user ID using a key database, wherein the updated user key is obtained by each network application. And, the server returns the updated user ID and user key to the mobile terminal.
In some embodiments of the present invention, the single sign-on application establishes a different user key for each of the network applications. In detail, the mobile terminal accesses each network application through different user keys, and the login efficiency of the network application is further improved. Optionally, the server sends the user key to the corresponding network application.
In some embodiments of the present invention, the mobile terminal generates the repeat request by packaging one or more user keys. In detail, the mobile terminal generates a repeat request by packaging one or more user keys, so as to obtain the simultaneous access rights of one or more network applications by using the one or more user keys. Optionally, the repeated requests are respectively sent to a plurality of associated network applications, so that the network applications are logged in by a user by judging whether the network applications are matched with each user key, thereby avoiding a user key error caused by the operation of the mobile terminal and further preventing the problem that the network applications cannot access.
In some embodiments of the present invention, the access request includes identity authentication information of the mobile terminal. Through the identity authentication information of the mobile terminal, the server can conveniently authenticate whether the source of the mobile terminal is safe or not, and the communication safety of mobile office is further improved.
In some embodiments of the present invention, the authentication information includes any one or more of a TCP/IP protocol, an SSL protocol, a device public key, a device private key, a session key, and a digital signature.
In some embodiments of the present invention, the user ID is generated according to the identity authentication information. The user ID is generated according to the identity authentication information in the access request, so that the server can conveniently verify the identity of the mobile terminal, wherein the identity authentication information can be a digital signature or an equipment public key.
In some embodiments of the present invention, the user key of each of the network applications is generated according to the identity authentication information.
In some embodiments of the present invention, the user key of each of the network applications is generated by using different hash algorithms according to the device public key, the device private key, or the session key. The identity authentication information is subjected to the Hash algorithm to obtain the Hash value as the user key, so that the safety of mobile office is enhanced.
In some embodiments of the invention, the single sign-on application is a JavaScript application.
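An added example, not part of the patent text, of the per-application user keys described above: it issues one user ID and one key per network application the way the description words it (a different hash algorithm per application over the device public key), next to a keyed derivation (HMAC-SHA-256 over the session key, a technique substituted here), and checks which of the two can be recomputed from public material alone. Application names, function names and sample bytes are constructed assumptions.

```javascript
// Added example (Node.js). Not code from the patent; all names are hypothetical.
const crypto = require('crypto');

// Constructed sample values standing in for identity authentication information.
const DEVICE_PUBLIC_KEY = Buffer.from('constructed-device-public-key-bytes');
const SESSION_KEY = Buffer.alloc(32, 0x5a); // stands in for a secret session key
// Associated network applications, each with "its own" hash algorithm.
const APPS = { mail: 'sha256', crm: 'sha384', wiki: 'sha512' };

// User ID generated from identity authentication information (the device public key).
function makeUserId(devicePublicKey) {
  return crypto.createHash('sha256').update(devicePublicKey).digest('hex').slice(0, 16);
}

// Variant A, as the description words it: the digest of the identity
// material, under a per-application hash algorithm, is the user key.
function hashedUserKey(material, algorithm) {
  return crypto.createHash(algorithm).update(material).digest('hex');
}

// Variant B (substituted technique): HMAC-SHA-256 keyed with the secret
// session key over a label that binds the user ID to one application.
function keyedUserKey(sessionKey, userId, appId) {
  return crypto.createHmac('sha256', sessionKey).update(`${userId}|${appId}`).digest('hex');
}

// Single sign-on application: same user ID for all associated applications,
// one user key per application.
function issueCredentials(devicePublicKey, sessionKey, keyed) {
  const userId = makeUserId(devicePublicKey);
  const userKeys = {};
  for (const [appId, algorithm] of Object.entries(APPS)) {
    userKeys[appId] = keyed
      ? keyedUserKey(sessionKey, userId, appId)
      : hashedUserKey(devicePublicKey, algorithm);
  }
  return { userId, userKeys };
}

// Network application: verify the key carried in a repeat request against the
// key registered for this application, using a constant-time comparison.
function verifyAtApp(appId, repeatRequest, registered) {
  const presented = repeatRequest.userKeys[appId];
  const expected = registered.userKeys[appId];
  if (repeatRequest.userId !== registered.userId || !presented || !expected) return false;
  const a = Buffer.from(presented, 'hex');
  const b = Buffer.from(expected, 'hex');
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// Design-review check: credentials recomputed by a party that knows only the
// public identity material (an all-zero buffer replaces the unknown session key).
function recomputeFromPublicData(devicePublicKey, keyed) {
  return issueCredentials(devicePublicKey, Buffer.alloc(32), keyed);
}

function demo() {
  const hashed = issueCredentials(DEVICE_PUBLIC_KEY, SESSION_KEY, false);
  const keyed = issueCredentials(DEVICE_PUBLIC_KEY, SESSION_KEY, true);
  // A repeat request that presents the mail key to the crm application.
  const wrongApp = { userId: keyed.userId, userKeys: { crm: keyed.userKeys.mail } };
  return {
    legitimateLogin: verifyAtApp('mail', keyed, keyed),
    hashedRecomputable: verifyAtApp('mail', recomputeFromPublicData(DEVICE_PUBLIC_KEY, false), hashed),
    keyedRecomputable: verifyAtApp('mail', recomputeFromPublicData(DEVICE_PUBLIC_KEY, true), keyed),
    mailKeyAcceptedByCrm: verifyAtApp('crm', wrongApp, keyed),
  };
}

console.log(demo());
```

A user key that is only a digest of the device public key verifies for anyone who holds that public key, whichever hash algorithm is chosen per application; the keyed variant requires the session key and is bound to a single application.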
It will be appreciated that the flow chart shown in fig. 1 is merely illustrative, and that the communication authentication method based on the secure authentication mechanism may also include more or fewer steps than shown in fig. 1, or have a different sequence of steps than shown in fig. 1. The components shown in fig. 1 may be implemented in hardware, software, or a combination thereof.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The apparatus embodiments described above are merely illustrative, and for example, the flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, functional modules in the embodiments of the present application may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned database or storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
To sum up, the communication authentication method based on a security authentication mechanism provided in an embodiment of the present application works as follows:
the server receives the access request of the mobile terminal, so that people can remotely send an access request for a network application from a mobile phone or other mobile terminal at any time, meeting the requirements of mobile office work;
the server forwards the access request to the network application, so that the mobile terminal can access the network application;
the server forwards the access request to the single sign-on application, which associates a plurality of network applications, so that the access rights of the mobile terminal to the plurality of network applications can be conveniently set;
the single sign-on application establishes the same user ID for the plurality of associated network applications according to the access request sent by the mobile terminal, establishes a user key of the user ID for each network application respectively, and returns the user ID and the user key to the mobile terminal through the server, so that the mobile terminal uses the user ID and the user key as the credential for accessing the associated network applications again, which improves the efficiency with which the mobile terminal accesses the plurality of network applications and facilitates efficient office work;
the mobile terminal generates a repeat request by packaging the user ID and the user key and sends the repeat request to the server, so that the user ID and the user key serve as the credentials for the accessed network application and the access rights of the associated network applications are further acquired, improving the security of mobile office work;
the server directly forwards the repeat request to the associated network applications without verifying whether the mobile terminal has the authority for the different network applications, which solves the problems of access failure and time delay of the mobile terminal;
and each network application acquires the user ID and the user key from the repeat request and logs the mobile terminal in successfully after verification passes, improving the communication security of mobile office work.
The above description is only a preferred embodiment of the present application and is not intended to limit the present application, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application.
It will be evident to those skilled in the art that the present application is not limited to the details of the foregoing illustrative embodiments, and that the present application may be embodied in other specific forms without departing from the spirit or essential attributes thereof. The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the application being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in a claim should not be construed as limiting the claim concerned.
Claims (10)
1. A communication authentication method based on a security authentication mechanism is characterized by comprising the following steps:
receiving an access request of a mobile terminal through a server, and forwarding the access request to a network application;
the server forwards the access request to a single sign-on application, and associates a plurality of network applications through the single sign-on application;
the single sign-on application establishes the same user ID for a plurality of associated network applications according to the access request, establishes a user key of the user ID for each network application, and returns the user ID and the user key to the mobile terminal through the server;
the mobile terminal generates a repeat request through the user ID and the user key and sends the repeat request to the server;
and the server forwards the repeated request to a plurality of associated network applications, and each network application acquires the user ID and the user key through the repeated request and successfully logs in the mobile terminal after verification passes.
2. The communication authentication method based on the security authentication mechanism according to claim 1,
the server obtains the user ID through the repeated request, updates the associated network applications and the user keys of the network applications according to the user ID, and forwards the network applications to the associated network applications, and returns the updated user ID and the updated user keys to the mobile terminal.
3. The communication authentication method based on the security authentication mechanism as claimed in claim 1, wherein the single sign-on application establishes a different user key for each network application.
4. The communication authentication method based on the security authentication mechanism as claimed in claim 3, wherein the mobile terminal generates the repeat request by packaging one or more user keys.
5. The communication authentication method based on the security authentication mechanism as claimed in claim 1, wherein the access request contains identity authentication information of the mobile terminal.
6. The communication authentication method based on the security authentication mechanism as claimed in claim 5, wherein the identity authentication information comprises any one or more of TCP/IP protocol, SSL protocol, device public key, device private key, session key and digital signature.
7. The communication authentication method based on the secure authentication mechanism according to claim 5, wherein the user ID is generated based on the identity authentication information.
8. The communication authentication method based on the security authentication mechanism as claimed in claim 5, wherein the user key of each network application is generated according to the identity authentication information.
9. The communication authentication method based on the security authentication mechanism as claimed in claim 8, wherein the user key of each network application is generated by using different hash algorithms according to the device public key, the device private key or the session key.
10. The communication authentication method based on the security authentication mechanism as claimed in any one of claims 1 to 9, wherein the single sign-on application is a JavaScript application.
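The credential flow of claims 1, 3, 4, 7 and 9, as an added Node.js sketch that is not code from the patent: the single sign-on application derives one user ID and a distinct per-application user key, the terminal packages them into a repeat request, and each application checks only its own key. The application names, the use of HMAC (the claims say only "different hash algorithms"), the per-application stores and the sample inputs are assumptions made for illustration.

```javascript
const { createHash, createHmac, timingSafeEqual } = require('node:crypto');
// Assumed registry: one hash algorithm per associated application (claim 9).
const APP_HASH = { mail: 'sha256', crm: 'sha384', wiki: 'sha512' };
// Assumed per-application stores (userId -> user key), filled by the SSO application.
const appStores = { mail: new Map(), crm: new Map(), wiki: new Map() };
// Constructed sample inputs, not real key material.
const SESSION_KEY = Buffer.from('00112233445566778899aabbccddeeff', 'hex');
const DEVICE_PUBLIC_KEY = 'constructed-device-public-key';

// One user ID for all associated applications, from the identity information (claim 7).
function deriveUserId(devicePublicKey) {
  return createHash('sha256').update(devicePublicKey).digest('hex').slice(0, 32);
}

// Per-application user key: HMAC keyed with the session key. The application name
// in the message keeps keys distinct even if two applications share an algorithm.
function deriveUserKey(sessionKey, app, userId) {
  return createHmac(APP_HASH[app], sessionKey).update(`${app}\n${userId}`).digest('hex');
}

// SSO application: establish the user ID and one user key per application.
function issueCredentials(sessionKey, devicePublicKey) {
  const userId = deriveUserId(devicePublicKey);
  const userKeys = {};
  for (const app of Object.keys(APP_HASH)) {
    userKeys[app] = deriveUserKey(sessionKey, app, userId);
    appStores[app].set(userId, userKeys[app]); // each application learns only its own key
  }
  return { userId, userKeys };
}

// Mobile terminal: package the user ID with one or more user keys (claim 4).
function buildRepeatRequest(cred, apps) {
  const userKeys = Object.fromEntries(apps.map((a) => [a, cred.userKeys[a]]));
  return JSON.stringify({ userId: cred.userId, userKeys });
}

// Network application: verify its own key from the forwarded repeat request.
function verifyAtApp(app, repeatRequest) {
  let req;
  try { req = JSON.parse(repeatRequest); } catch { return false; }
  if (!req || typeof req.userId !== 'string' || !req.userKeys) return false;
  const expected = appStores[app].get(req.userId);
  const presented = req.userKeys[app];
  if (typeof expected !== 'string' || typeof presented !== 'string') return false;
  const [a, b] = [presented, expected].map((h) => Buffer.from(h, 'hex'));
  return a.length === b.length && timingSafeEqual(a, b); // constant-time compare
}
```

Because the server forwards the repeat request without checking authority, the comparison in `verifyAtApp` is the only gate: a key issued for one application, or a request that omits an application's key, is rejected there.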
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010872948.1A CN111953711A (en) | 2020-08-26 | 2020-08-26 | Communication authentication method based on security authentication mechanism |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010872948.1A CN111953711A (en) | 2020-08-26 | 2020-08-26 | Communication authentication method based on security authentication mechanism |
Publications (1)
Publication Number | Publication Date |
---|---|
CN111953711A true CN111953711A (en) | 2020-11-17 |
Family
ID=73367470
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010872948.1A Pending CN111953711A (en) | 2020-08-26 | 2020-08-26 | Communication authentication method based on security authentication mechanism |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111953711A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112769826A (en) * | 2021-01-08 | 2021-05-07 | 深信服科技股份有限公司 | Information processing method, device, equipment and storage medium |
CN115913609A (en) * | 2022-09-08 | 2023-04-04 | 西安热工研究院有限公司 | A Bill Authentication Drift Method Based on National Secret Algorithm |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101350717A (en) * | 2007-07-18 | 2009-01-21 | 中国移动通信集团公司 | A method and system for logging into a third-party server through instant messaging software |
CN102868704A (en) * | 2012-10-11 | 2013-01-09 | 北京新媒传信科技有限公司 | Method and system for single sign on |
CN108040072A (en) * | 2018-01-22 | 2018-05-15 | 公安部交通管理科学研究所 | The system and method for mobile Internet APP single-sign-ons under distributed network |
CN109413032A (en) * | 2018-09-03 | 2019-03-01 | 中国平安人寿保险股份有限公司 | A kind of single-point logging method, computer readable storage medium and gateway |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20201117 |