CN115134144A - Enterprise-level business system authentication method, device and system - Google Patents
- Publication number: CN115134144A
- Application number: CN202210741336.8A
- Authority: CN (China)
- Prior art keywords: business system, authentication, information, client, server
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4014—Identity check for transactions
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Business, Economics & Management (AREA)
- Computer Hardware Design (AREA)
- Accounting & Taxation (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- General Engineering & Computer Science (AREA)
- Computing Systems (AREA)
- Finance (AREA)
- Theoretical Computer Science (AREA)
- General Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- Physics & Mathematics (AREA)
- Strategic Management (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Description
Technical field
The present application relates to the technical field of information authentication and can be used in the financial field; in particular, it relates to an enterprise-level business system authentication method, device and system.
Background art
At present, banks operate more and more business systems for corporate customers, such as corporate online banking, corporate mobile banking, the Rong e-Gou B2B mall, the Rong e-Gou merchant center and the Rong e-Lian service management platform. Today, a corporate customer that needs to use a function of one business system must first register its user information in that system as follows: open the business system page, enter the group name and the business license or organization code, and present trusted authentication elements such as inserting a USB key (U-shield), entering a mobile phone number and entering an SMS verification code, to complete registration in that system. When the same customer wants to use a function on another business system, it has to repeat the registration process in that other system. This leads to the following problems in current enterprise-level business system authentication: (1) when a corporate customer starts using a new system, its customer information must be re-registered before use, which is cumbersome; (2) the customer must log in again when switching between business systems, which makes switching cumbersome; (3) the customer has to manage user information for several business systems separately, which is complex; (4) when the bank launches a new system, its existing customer base cannot quickly be brought over as customers of the new system; (5) customer authentication information and basic customer information are coupled with the customer's per-business-system information and permission information, giving poor extensibility; (6) the registration and authentication information of different business systems is managed separately, while the business tends toward information sharing, which increases system complexity.
Summary of the invention
In view of this, the present invention provides an enterprise-level business system authentication method, device and system for solving at least one of the problems mentioned above.
To achieve the above object, the present invention adopts the following scheme:
According to a first aspect of the present invention, an enterprise-level business system authentication method is provided. The method includes: receiving client login request authentication information sent up by a business system server; performing login request verification according to the client login request authentication information and, in response to the login request verification passing, returning a login page to the client browser; receiving the account and password information submitted by the client on the login page; verifying the legitimacy of the client according to the account and password information; and, in response to the legitimacy verification passing, extracting the client's multi-business-system account association information, encrypting the account association information and sending it to the business system server, which decrypts and verifies it and, on success, opens the business system transaction page for the client.
According to a second aspect of the present invention, an enterprise-level business system authentication device is provided. The device includes: a first receiving unit, configured to receive client login request authentication information sent up by a business system server; a login verification unit, configured to perform login request verification according to the client login request authentication information and, in response to the login request verification passing, return a login page to the client browser; a second receiving unit, configured to receive the account and password information submitted by the client on the login page; an account verification unit, configured to verify the legitimacy of the client according to the account and password information; and a login feedback unit, configured, in response to the legitimacy verification passing, to extract the client's multi-business-system account association information, encrypt the account association information and send it to the business system server, which decrypts and verifies it and, on success, opens the business system transaction page for the client.
According to a third aspect of the present invention, an enterprise-level business system authentication system is provided. The system includes a client, a business system server and an authentication server; the client is communicatively connected to the business system server and to the authentication server, the business system server and the authentication server are communicatively connected to each other, and the authentication server includes the enterprise-level business system authentication device described above.
According to a fourth aspect of the present invention, an electronic device is provided, including a memory, a processor, and a debugging program stored on the memory and executable on the processor; when the processor executes the debugging program, the steps of the above enterprise-level business system authentication method are implemented.
According to a fifth aspect of the present invention, a computer-readable storage medium is provided, on which a computer program is stored; when the computer program is executed by a processor, the steps of the above enterprise-level business system authentication method are implemented.
According to a sixth aspect of the present invention, a computer program product is provided, including a computer program or instructions; when the computer program or instructions are executed by a processor, the steps of the above enterprise-level business system authentication method are implemented.
The enterprise-level business system authentication method, device and system provided by the embodiments of the present invention decouple the transaction function from the authentication function of the multiple business systems and cohere the authentication function into the authentication server. The authentication system thereby becomes more independent, module boundaries and responsibilities are relatively clear, changes within the module have minimal impact on the transactions of other partner systems, and business flexibility is preserved.
Brief description of the drawings
In order to describe the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings required for the description of the embodiments or of the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from them without creative effort. In the drawings:
FIG. 1 is a schematic flowchart of an enterprise-level business system authentication method provided by an embodiment of the present application;
FIG. 2 is a detailed schematic flowchart of an enterprise-level business system authentication method provided by an embodiment of the present application;
FIG. 3 is a schematic structural diagram of an enterprise-level business system authentication device provided by an embodiment of the present application;
FIG. 4 is a schematic diagram of the composition of an enterprise-level business system authentication system provided by an embodiment of the present application;
FIG. 5 is a schematic diagram of an electronic device provided by an embodiment of the present invention.
Detailed description of the embodiments
To make the objectives, technical solutions and advantages of the embodiments of the present invention clearer, the embodiments are described in further detail below with reference to the drawings. The exemplary embodiments and their description are used to explain the present invention and do not limit it.
It should be noted that the enterprise-level business system authentication method, device and system disclosed in this application can be used in the financial field and also in any field other than the financial field; this application does not limit the field of application of the disclosed method, device and system.
Some technical terms of the art involved in this application are first briefly introduced:
Term "SM4": a block cipher algorithm, commonly used in areas such as wireless network encryption.
Term "SM2": a public-key algorithm with a security strength of 256 bits.
FIG. 1 is a schematic flowchart of an enterprise-level business system authentication method provided by an embodiment of the present application. The executing entity of this embodiment is an authentication server; in a specific implementation, the functions of the authentication server may, for example, be integrated into an existing enterprise electronic pass server, which saves hardware development cost. The method includes the following steps:
S101: Receive client login request authentication information sent up by the business system server.
In this embodiment, when the client initiates registration or account login from the browser, for example by clicking the register or log-in button on the browser page, the business system server, on receiving that click message, sends client login request authentication information up to the authentication server.
Preferably, the login request authentication information in this step may be sent up by the business system server in the form of an interface request message, and may include: the interface request message encrypted with the SM4 symmetric cipher, a valid timestamp, and an SM2 private-key signature. Encrypted transmission using the national cryptographic algorithms SM4 and SM2 effectively prevents the login request authentication information from being tampered with, and the valid timestamp prevents it from being replayed, protecting the normal operation of the system.
S102: Perform login request verification according to the client login request authentication information and, in response to the login request verification passing, return a login page to the client browser.
In this embodiment, the login request verification may be performed according to rules agreed between the business system server and the authentication server. For example, when the login request authentication information includes the SM4-encrypted interface request message, a valid timestamp and an SM2 private-key signature, the login request verification may include: decrypting the interface message in the client login request authentication information with the agreed SM4 symmetric key, and verifying the signature with the SM2 public key registered by the business system.
After the login request verification passes, the authentication center can return the login page directly to the client browser without going back through the business system server, which shortens the system response time and avoids degrading the customer experience through excessive response time.
S103: Receive the account and password information submitted by the client on the login page.
S104: Verify the legitimacy of the client according to the account and password information.
Preferably, this step may verify the legitimacy of the client by comparing the account and password information for consistency with the information held in the database.
S105: In response to the legitimacy verification passing, extract the client's multi-business-system account association information, encrypt the account association information and send it to the business system server, which decrypts and verifies it and, on success, opens the business system transaction page for the client.
In this embodiment, a corporate customer needs only one account across multiple business systems. The customer may sign a unified access agreement at the counter, and staff then enter its account information into the authentication server. The account association information in this embodiment may therefore include: the business systems opened for the account, and the account's permission information in each of those business systems. In addition, a corporate customer that has already registered one or more business system accounts through the registration page may also sign a unified access agreement at the counter and keep one of those accounts to open login rights to the other required business systems. By associating the multi-business-system accounts in the authentication server, the authentication functions of the business systems are cohered together, improving the customer experience.
Preferably, encrypting the account association information and sending it to the business system server in this step may include: generating a unified token by SM4 symmetric encryption of the account association information, and sending it to the business system server together with a valid timestamp and an SM2 private-key signature. Correspondingly, the decryption and verification by the business system server in this step include: decrypting with the SM4 symmetric key agreed by both parties, and then verifying the signature with the SM2 public key.
Preferably, after the business system server receives the unified token in this step, it may also perform an integrity check on the unified token after restoring it; if the integrity check fails, it notifies the authentication server to resend the unified token. As the above description shows, this embodiment adopts two-way authentication based on a unified token built on the national cryptographic algorithms, which ensures the integrity and consistency of user information in storage, transmission and verification and protects it from unauthorized tampering.
To explain the present application more clearly, the method flow is further described below with reference to FIG. 2, which is a detailed schematic flowchart of an enterprise-level business system authentication method provided by an embodiment of the present application. The method proceeds as follows: (1) the client browser initiates a login request authentication to the business system server; (2) on receiving the request, the business system server applies SM4 encryption and an SM2 signature to the interface information and sends the client login request authentication information up to the enterprise electronic pass server; (3) on receiving the login request interface information, the enterprise electronic pass server parses the interface message, obtains the appid, the ciphertext and the signature, performs SM4 decryption with the corresponding symmetric key and verifies the SM2 signature on the content with the public key; once the signature verifies, it opens the authentication service page in the client browser; (4) the client enters the account and password on the authentication service page to log in, and the account and password information is sent over the network to the enterprise electronic pass server; (5) on receiving the account and password information, the enterprise electronic pass server checks its legitimacy and, once the check passes, extracts the customer's multi-business-system account association information, applies SM4 encryption and an SM2 signature to it, and sends the resulting unified token to the business system server; (6) the business system server restores the received token and checks its integrity; once the integrity check passes, it continues with SM4 decryption using the symmetric key and verifies the SM2 signature on the content with the public key; once the signature verifies, it opens the business system transaction page in the client browser for the customer to operate.
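The two exchanges in the flow above (business system server to authentication server in S101/S102, and the unified token from the authentication server back to the business system server in S105) share one envelope shape: encrypt the body, attach a timestamp, sign the result. The following Python is an added example written for this page, not code from the patent or from any bank system. Because standard libraries do not ship SM4 or SM2, it substitutes a stdlib stand-in for each (an HMAC-SHA256 CTR-style keystream in place of SM4 for confidentiality, and HMAC-SHA256 tags in place of SM2 signatures, so signer and verifier share a key rather than holding a private/public pair); the appid, keys, account records, field names and the 60-second freshness window are all constructed assumptions. What it shows that the text does not spell out is the order of checks on the receiving side and what each rejection looks like: a replayed request outside the window, a tampered ciphertext, and a token presented to a business system it was not issued for.

```python
import hashlib
import hmac
import json
import os
import time

FRESHNESS_SECONDS = 60  # assumed validity window for the "valid timestamp"

# Constructed demo keys (stand-ins; see lead-in). In the patent's scheme these
# are the agreed SM4 key and each side's SM2 key pair.
SM4_KEY_STANDIN = b"demo-shared-symmetric-key"
BIZ_SIGN_KEY_STANDIN = b"demo-business-system-signing-key"
AUTH_SIGN_KEY_STANDIN = b"demo-auth-server-signing-key"

# Constructed account store: password digest plus opened systems and permissions.
ACCOUNTS = {"corp-001": {
    "pw": hashlib.sha256(b"correct horse").hexdigest(),
    "links": {"online-banking": ["transfer", "query"], "b2b-mall": ["order"]}}}

def _keystream_xor(key, nonce, data):
    """Stand-in for SM4: CTR-style keystream from HMAC-SHA256, XORed into data."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hmac.new(key, nonce + (off // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[off:off + 32], block))
    return bytes(out)

def _signed_bytes(msg):
    # Signature covers appid, nonce, timestamp and ciphertext together, so no field can be swapped.
    return json.dumps({k: msg[k] for k in ("appid", "nonce", "ts", "ct")}, sort_keys=True).encode()

def seal(sign_key, appid, payload, now=None):
    """Sender side: encrypt the payload, attach a timestamp, then sign the envelope."""
    now = int(time.time()) if now is None else now
    nonce = os.urandom(16)
    ct = _keystream_xor(SM4_KEY_STANDIN, nonce, json.dumps(payload, sort_keys=True).encode())
    msg = {"appid": appid, "nonce": nonce.hex(), "ts": now, "ct": ct.hex()}
    msg["sig"] = hmac.new(sign_key, _signed_bytes(msg), hashlib.sha256).hexdigest()
    return msg

def open_envelope(verify_key, msg, now=None):
    """Receiver side: freshness, then signature, then decrypt; (True, payload) or (False, reason)."""
    now = int(time.time()) if now is None else now
    if abs(now - int(msg.get("ts", 0))) > FRESHNESS_SECONDS:
        return False, "stale timestamp (possible replay)"
    expected = hmac.new(verify_key, _signed_bytes(msg), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, str(msg.get("sig", ""))):
        return False, "signature verification failed"  # tampered ciphertext is never parsed
    pt = _keystream_xor(SM4_KEY_STANDIN, bytes.fromhex(msg["nonce"]), bytes.fromhex(msg["ct"]))
    try:
        return True, json.loads(pt)
    except ValueError:
        return False, "token integrity check failed; request resend"

# S101/S102: business system server -> authentication server
def business_login_request(appid, client_session, now=None):
    return seal(BIZ_SIGN_KEY_STANDIN, appid, {"action": "login", "session": client_session}, now)

def auth_handle_login_request(msg, now=None):
    ok, body = open_envelope(BIZ_SIGN_KEY_STANDIN, msg, now)
    return "login page" if ok else "reject: " + body  # page goes straight to the browser

# S103-S105: password check, then unified token -> business system server
def auth_check_password(account, password):
    rec = ACCOUNTS.get(account)
    digest = hashlib.sha256(password.encode()).hexdigest()
    return rec is not None and hmac.compare_digest(rec["pw"], digest)

def auth_issue_token(account, target_system, now=None):
    links = ACCOUNTS[account]["links"]
    if target_system not in links:
        return None  # account was never opened for that business system
    payload = {"account": account, "system": target_system, "perms": links[target_system]}
    return seal(AUTH_SIGN_KEY_STANDIN, "auth-server", payload, now)

def business_verify_token(token, expected_system, now=None):
    ok, body = open_envelope(AUTH_SIGN_KEY_STANDIN, token, now)
    if not ok:
        return "reject: " + body
    if body.get("system") != expected_system:  # token issued for another system
        return "reject: token not for this system"
    return "transaction page: " + ",".join(body["perms"])

def demo():
    """Run the happy path and three failure cases against a fixed clock."""
    t0 = 1_700_000_000  # constructed epoch time
    req = business_login_request("online-banking", "sess-abc", t0)
    results = {"login": auth_handle_login_request(req, t0 + 5),
               "replayed": auth_handle_login_request(req, t0 + 600)}
    last = req["ct"][-2:]
    tampered = dict(req, ct=req["ct"][:-2] + ("00" if last != "00" else "11"))
    results["tampered"] = auth_handle_login_request(tampered, t0 + 5)
    results["bad_password"] = auth_check_password("corp-001", "wrong")
    if auth_check_password("corp-001", "correct horse"):
        tok = auth_issue_token("corp-001", "online-banking", t0 + 10)
        results["token"] = business_verify_token(tok, "online-banking", t0 + 12)
        results["wrong_system"] = business_verify_token(tok, "b2b-mall", t0 + 12)
    return results
```

Calling `demo()` returns one outcome per case. The design point worth keeping from the patent's description is the check order in `open_envelope`: the timestamp window is cheap and rejects replays first, the signature is verified before any decryption so that altered ciphertext is never fed to a parser, and only then is the body restored and its contents (here, which business system the token was issued for) checked.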
In summary, the enterprise-level business system authentication method provided by the embodiment of the present invention decouples the transaction function from the authentication function of the multiple business systems and coheres the authentication function into the authentication server. The authentication system thereby becomes more independent, module boundaries and responsibilities are relatively clear, changes within the module have minimal impact on the transactions of other partner systems, and business flexibility is preserved.
FIG. 3 is a schematic structural diagram of an enterprise-level business system authentication device provided by an embodiment of the present application. The device includes a first receiving unit 310, a login verification unit 320, a second receiving unit 330, an account verification unit 340 and a login feedback unit 350. The first receiving unit 310 is connected to the login verification unit 320, and the account verification unit 340 is connected to the second receiving unit 330 and to the login feedback unit 350.
The first receiving unit 310 is configured to receive client login request authentication information sent up by the business system server.
Preferably, the client login request authentication information includes the interface request message encrypted with the SM4 symmetric cipher, a valid timestamp and an SM2 private-key signature.
The login verification unit 320 is configured to perform login request verification according to the client login request authentication information received by the first receiving unit 310 and, in response to the login request verification passing, return a login page to the client browser.
Preferably, the login request verification performed by the login verification unit 320 on the client login request authentication information may specifically include: decrypting the interface message in the client login request authentication information with the agreed SM4 symmetric key, and verifying the signature with the SM2 public key registered by the business system.
The second receiving unit 330 is configured to receive the account and password information submitted by the client on the login page.
The account verification unit 340 is configured to verify the legitimacy of the client according to the account and password information received by the second receiving unit 330.
Preferably, the legitimacy verification performed by the account verification unit 340 according to the account and password information may specifically include: comparing the account and password information for consistency with the information held in the database.
The login feedback unit 350 is configured, in response to the legitimacy verification passing, to extract the client's multi-business-system account association information, encrypt the account association information and send it to the business system server, which decrypts and verifies it and, on success, opens the business system transaction page for the client.
Preferably, the account association information includes the business systems opened for the account and the account's permission information in each of those business systems.
Preferably, the login feedback unit 350 encrypting the account association information and sending it to the business system server may specifically include: generating a unified token by SM4 symmetric encryption of the account association information, and sending it to the business system server together with a valid timestamp and an SM2 private-key signature.
Correspondingly, the decryption and verification by the business system server include: decrypting with the SM4 symmetric key agreed by both parties, and then verifying the signature with the SM2 public key.
Preferably, after receiving the unified token, the business system server may also perform an integrity check on the unified token; if the integrity check fails, it notifies the authentication server to resend the unified token.
For detailed descriptions of the above units, reference may be made to the corresponding descriptions in the foregoing method embodiment, which are not repeated here.
The enterprise-level business system authentication device provided by the embodiment of the present invention decouples the transaction function from the authentication function of the multiple business systems and coheres the authentication function into the authentication server. The authentication system thereby becomes more independent, module boundaries and responsibilities are relatively clear, changes within the module have minimal impact on the transactions of other partner systems, and business flexibility is preserved. In addition, because two-way authentication based on a unified token built on the national cryptographic algorithms is adopted, the integrity and consistency of user information in storage, transmission and verification are ensured, and the information is protected from unauthorized tampering.
如图4所示为本申请实施例提供的一种企业级业务系统认证系统的构成示意图,该系统包括:客户端401、业务系统服务器402和认证服务器403,客户端401分别和业务系统服务器402及认证服务器403通信相连,业务系统服务器402和认证服务器403之间通信相连,该认证服务器403包括如上所述的企业级业务系统认证装置。FIG. 4 is a schematic diagram of the composition of an enterprise-level business system authentication system provided by an embodiment of the present application. The system includes: a
发明实施例提供的企业级业务系统认证系统,通过将交易功能和认证功能由多个业务系统所解耦,将认证功能内聚到认证服务器,从而使得认证系统独立性增强,模块划分和职责相对清晰,模块本身的变化对其它合作方系统交易影响降到最小,保证了业务的灵活性。另外由于采用了基于国密的统一令牌的双向认证,可以保证用户信息的存储、传输和校验的完整性、一致性,免受未授权的篡改信息进行篡改的风险。In the enterprise-level business system authentication system provided by the embodiment of the invention, by decoupling the transaction function and the authentication function from multiple business systems, the authentication function is integrated into the authentication server, so that the independence of the authentication system is enhanced, and the module division and responsibilities are relatively relative. Clearly, the change of the module itself minimizes the impact on the system transactions of other partners, which ensures the flexibility of the business. In addition, due to the use of the two-way authentication based on the national secret unified token, the integrity and consistency of the storage, transmission and verification of user information can be guaranteed, and the risk of unauthorized tampering of information can be avoided.
图5是本发明实施例提供的电子设备的示意图。图5所示的电子设备为通用数据处理装置,其包括通用的计算机硬件结构,其至少包括处理器501和存储器502。处理器501和存储器502通过总线503连接。存储器502适于存储处理器501可执行的一条或多条指令或程序。该一条或多条指令或程序被处理器501执行以实现企业级业务系统认证方法中的步骤。FIG. 5 is a schematic diagram of an electronic device provided by an embodiment of the present invention. The electronic device shown in FIG. 5 is a general-purpose data processing apparatus, which includes a general-purpose computer hardware structure, which at least includes a processor 501 and a memory 502 . The processor 501 and the memory 502 are connected by a bus 503 . Memory 502 is adapted to store one or more instructions or programs executable by processor 501 . The one or more instructions or programs are executed by the processor 501 to implement the steps in the enterprise-level business system authentication method.
上述处理器501可以是独立的微处理器,也可以是一个或者多个微处理器集合。由此,处理器501通过执行存储器502所存储的命令,从而执行如上所述的本发明实施例的方法流程实现对于数据的处理和对于其他装置的控制。总线503将上述多个组件连接在一起,同时将上述组件连接到显示控制器504和显示装置以及输入/输出(I/O)装置505。输入/输出(I/O)装置505可以是鼠标、键盘、调制解调器、网络接口、触控输入装置、体感输入装置、打印机以及本领域公知的其他装置。典型地,输入/输出(I/O)装置505通过输入/输出(I/O)控制器506与系统相连。The above-mentioned processor 501 may be an independent microprocessor, or may be a set of one or more microprocessors. Thus, the processor 501 executes the commands stored in the memory 502 to execute the above-described method flow of the embodiments of the present invention to process data and control other devices. The bus 503 connects the above-mentioned various components together, while connecting the above-mentioned components to the display controller 504 and the display device and the input/output (I/O) device 505 . The input/output (I/O) device 505 may be a mouse, a keyboard, a modem, a network interface, a touch input device, a somatosensory input device, a printer, and other devices known in the art. Typically, input/output (I/O) devices 505 are connected to the system through input/output (I/O) controllers 506 .
其中,存储器502可以存储软件组件,例如操作系统、通信模块、交互模块以及应用程序。以上所述的每个模块和应用程序都对应于完成一个或多个功能和在发明实施例中描述的方法的一组可执行程序指令。Among them, the memory 502 may store software components, such as an operating system, a communication module, an interaction module, and an application program. Each of the modules and applications described above corresponds to a set of executable program instructions that perform one or more functions and methods described in embodiments of the invention.
An embodiment of the present invention further provides a computer-readable storage medium on which a computer program is stored; when the program is executed by a processor, it implements the steps of the enterprise-level business system authentication method described above.
An embodiment of the present invention further provides a computer program product comprising computer programs/instructions which, when executed by a processor, implement the steps of the enterprise-level business system authentication method described above.
In summary, the enterprise-level business system authentication method, device and system provided by the embodiments of the present invention decouple the transaction function from the authentication function across the multiple business systems and concentrate authentication in the authentication server. This makes the authentication system more independent, gives the modules clear boundaries and responsibilities, and minimises the impact that changes inside one module have on the transactions of other partner systems, preserving business flexibility. In addition, because mutual (two-way) authentication is performed with a unified token based on the SM-series national cryptographic algorithms (国密), the integrity and consistency of user information in storage, transmission and verification can be guaranteed, protecting it against unauthorised tampering.
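The summary above credits a unified token, sealed with SM-series cryptography and checked by both sides, for keeping user information from being tampered with between storage, transmission and verification. This section does not give the token format or name the algorithms, so the following is an added example, not the patent's own code: it shows the one property the summary relies on, that a token sealed by the authentication server with a keyed MAC over user, target business system and expiry cannot have any field altered without the verifier noticing. The field names, the shared key, the time values and the SM3-or-SHA-256 fallback are all assumptions of this example; the mutual-authentication handshake itself is not shown because this section does not describe it.

```python
"""Integrity-protected 'unified token': issue on the authentication server,
verify on the business-system side, reject tampered, misdirected or expired
tokens. Added example; the field names and key are constructed here."""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Use SM3 (GB/T 32905, one of the SM-series algorithms) for the keyed MAC when
# the OpenSSL behind hashlib exposes it; otherwise fall back to SHA-256. The
# fallback is an assumption of this example, not something the patent specifies.
try:
    hmac.new(b"probe", b"probe", "sm3")
    DIGEST = "sm3"
except Exception:  # unsupported digest surfaces as ValueError in practice
    DIGEST = "sha256"


class TokenError(Exception):
    """Raised when a token fails any verification check."""


def _b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(key: bytes, user_id: str, business_system: str, ttl: int,
                now: Optional[int] = None) -> str:
    """Authentication-server side: bind user, target business system and
    expiry into one payload and seal the encoded payload with a keyed MAC."""
    now = int(time.time()) if now is None else now
    payload = {"sub": user_id, "aud": business_system, "iat": now, "exp": now + ttl}
    body = _b64e(json.dumps(payload, sort_keys=True, separators=(",", ":")).encode())
    tag = hmac.new(key, body.encode("ascii"), DIGEST).digest()
    return f"{body}.{_b64e(tag)}"


def verify_token(key: bytes, token: str, business_system: str,
                 now: Optional[int] = None) -> dict:
    """Business-system side: check the MAC first, in constant time, before
    trusting anything inside the payload; then check audience and expiry."""
    now = int(time.time()) if now is None else now
    try:
        body, tag_text = token.split(".")
    except ValueError:
        raise TokenError("malformed token")
    expected = hmac.new(key, body.encode("ascii"), DIGEST).digest()
    if not hmac.compare_digest(expected, _b64d(tag_text)):
        raise TokenError("MAC mismatch: token tampered or wrong key")
    payload = json.loads(_b64d(body))
    if payload.get("aud") != business_system:
        raise TokenError("token issued for a different business system")
    if now >= payload.get("exp", 0):
        raise TokenError("token expired")
    return payload


def tamper_payload(token: str, **changes) -> str:
    """Constructed attacker helper: edit payload fields but keep the old tag."""
    body, tag_text = token.split(".")
    payload = json.loads(_b64d(body))
    payload.update(changes)
    new_body = _b64e(json.dumps(payload, sort_keys=True, separators=(",", ":")).encode())
    return f"{new_body}.{tag_text}"


def demo() -> dict:
    """Round trip plus three failure cases; returns the outcome of each."""
    key = b"constructed-shared-secret-32-bytes!!"   # assumed key shared by issuer and verifier
    t0 = 1_700_000_000                              # constructed fixed clock
    token = issue_token(key, "alice", "payment-system", ttl=300, now=t0)
    results = {"valid": verify_token(key, token, "payment-system", now=t0 + 10)["sub"]}
    for name, tok, aud, now in [
        ("tampered", tamper_payload(token, sub="admin"), "payment-system", t0 + 10),
        ("wrong_audience", token, "hr-system", t0 + 10),
        ("expired", token, "payment-system", t0 + 301),
    ]:
        try:
            verify_token(key, tok, aud, now=now)
            results[name] = "accepted"
        except TokenError as exc:
            results[name] = str(exc)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

Two design points matter for the tamper-resistance claim: the MAC is computed over the encoded payload exactly as transmitted, so a re-encoded payload with even one changed field no longer matches the tag, and the comparison uses `hmac.compare_digest` so that a forger cannot learn the tag byte by byte from timing. Binding the target business system into the token (`aud`) is what stops a token issued for one system from being replayed against another once authentication is centralised.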
Preferred embodiments of the present invention have been described above with reference to the accompanying drawings. Many features and advantages of these embodiments are apparent from the detailed description, and the claims are therefore intended to cover all such features and advantages of the embodiments that fall within their true spirit and scope. Furthermore, since numerous modifications and changes will readily occur to those skilled in the art, the embodiments of the invention are not to be limited to the exact construction and operation illustrated and described; all suitable modifications and equivalents falling within its scope are intended to be covered.
Those skilled in the art will appreciate that embodiments of the present invention may be provided as a method, a system, or a computer program product. Accordingly, the invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) containing computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks therein, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, special-purpose computer, embedded processor or other programmable data processing device to produce a machine, such that the instructions executed by that processor produce means for implementing the functions specified in one or more flows of a flowchart and/or one or more blocks of a block diagram.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means that implement the functions specified in one or more flows of a flowchart and/or one or more blocks of a block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing device so that a series of operational steps is performed on it to produce a computer-implemented process, such that the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of a flowchart and/or one or more blocks of a block diagram.
The specific embodiments described above explain the objectives, technical solutions and beneficial effects of the present invention in further detail. It should be understood that they are merely specific embodiments of the invention and are not intended to limit its scope of protection; any modification, equivalent replacement, improvement or the like made within the spirit and principles of the invention shall be included within its scope of protection.
Claims (12)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210741336.8A CN115134144B (en) | 2022-06-28 | 2022-06-28 | Enterprise-level business system authentication method, device and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210741336.8A CN115134144B (en) | 2022-06-28 | 2022-06-28 | Enterprise-level business system authentication method, device and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115134144A true CN115134144A (en) | 2022-09-30 |
| CN115134144B CN115134144B (en) | 2025-04-15 |
Family
ID=83379343
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210741336.8A Active CN115134144B (en) | 2022-06-28 | 2022-06-28 | Enterprise-level business system authentication method, device and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115134144B (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116074099A (en) * | 2023-02-15 | 2023-05-05 | 西安热工研究院有限公司 | A method for providing two-factor authentication based on radius protocol |
| CN116318869A (en) * | 2023-02-15 | 2023-06-23 | 西安热工研究院有限公司 | Method for taking over application system authentication and realizing double-factor authentication based on CAS protocol |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105007280A (en) * | 2015-08-05 | 2015-10-28 | 郑州悉知信息技术有限公司 | Application sign-on method and device |
| CN106330918A (en) * | 2016-08-26 | 2017-01-11 | 杭州迪普科技有限公司 | Multi-system login method and device |
| US20180076956A1 (en) * | 2016-02-02 | 2018-03-15 | International Business Machines Corporation | System and method for generating a server-assisted strong password from a weak secret |
| CN108600203A (en) * | 2018-04-11 | 2018-09-28 | 四川长虹电器股份有限公司 | Secure Single Sign-on method based on Cookie and its unified certification service system |
| CN109815656A (en) * | 2018-12-11 | 2019-05-28 | 平安科技(深圳)有限公司 | Login authentication method, apparatus, device, and computer-readable storage medium |
| CN109981561A (en) * | 2019-01-17 | 2019-07-05 | 华南理工大学 | Monomer architecture system moves to the user authen method of micro services framework |
| CN111181977A (en) * | 2019-12-31 | 2020-05-19 | 瑞庭网络技术(上海)有限公司 | Login method, device, electronic equipment and medium |
| CN113709181A (en) * | 2021-09-10 | 2021-11-26 | 未鲲(上海)科技服务有限公司 | Website login method, device, equipment and storage medium based on browser plug-in |
| CN113746811A (en) * | 2021-08-13 | 2021-12-03 | 网宿科技股份有限公司 | Login method, device, equipment and readable storage medium |
- 2022-06-28: CN application CN202210741336.8A, granted as CN115134144B, status Active
Non-Patent Citations (1)
| Title |
|---|
| 谭小谭: "多个系统间是怎么保证统一登录的", Retrieved from the Internet <URL:https://cloud.tencent.com/developer/article/14653…> * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN115134144B (en) | 2025-04-15 |
Similar Documents
| Publication | Title |
|---|---|
| US11025435B2 (en) | System and method for blockchain-based cross-entity authentication |
| US11533164B2 (en) | System and method for blockchain-based cross-entity authentication |
| US8843415B2 (en) | Secure software service systems and methods |
| CN108781161B (en) | A blockchain-implemented method for controlling and distributing digital content |
| WO2021000420A1 (en) | System and method for blockchain-based cross-entity authentication |
| US9838205B2 (en) | Network authentication method for secure electronic transactions |
| US20080235513A1 (en) | Three Party Authentication |
| EP3788523A1 (en) | System and method for blockchain-based cross-entity authentication |
| KR101530809B1 (en) | Dynamic platform reconfiguration by multi-tenant service providers |
| CN109450843B (en) | A blockchain-based SSL certificate management method and system |
| US12033142B2 (en) | Authenticator app for consent architecture |
| CN105162607A (en) | Authentication method and system of payment bill voucher |
| GB2515057A (en) | System and Method for Obtaining a Digital Signature |
| CN112115205A (en) | Cross-chain trust method, device, equipment and medium based on digital certificate authentication |
| CN112905979A (en) | Electronic signature authorization method and device, storage medium and electronic device |
| CN113094725B (en) | Encryption and decryption method and system for bidding documents opened remotely and intensively |
| CN115134144B (en) | Enterprise-level business system authentication method, device and system |
| CN115801281A (en) | Authorization method, electronic device, and computer-readable storage medium |
| CN113869901B (en) | Key generation method, key generation device, computer-readable storage medium and computer equipment |
| JP6742557B2 (en) | Authentication system |
| KR101581663B1 (en) | Authentication and non-repudiation method and system using trusted third party |
| JP2013017089A (en) | Electronic signature system, signature server, signer client, electronic signature method, and program |
| US20250165957A1 (en) | Cryptographic root of identity |
| CN119544227A (en) | A method, device, equipment and medium for cross-domain data sharing |
| CN120744955A (en) | A method, device, equipment and medium for authorizing tamper-proof table |
Legal Events
| Code | Title |
|---|---|
| PB01 | Publication |
| SE01 | Entry into force of request for substantive examination |
| GR01 | Patent grant |