51results about How to "Implement single sign-on" patented technology

The invention relates to a single sign-on integrated method for Form identity authentication in a single sign-on system. The single sign-on system comprises a Web application program, a Web server, a login request proxy page, a login authentication proxy page, a login authentication HTTP (hypertext transfer protocol) plug-in, a browser, an identity service system, a master account database and a master-slave account binding database. The method includes that the login request proxy page receives and acquires an HTTP request of the login page to guide a user not logging in to log in the identity service system; the identity service system submits a security token authenticating identity of the user to an account name and a password authentication URL (uniform resource locator) of the Web application system to be accessed by the user through the browser after performing the identity authentication of the user; the login authentication proxy page or the HTTP plug-in completes the security token authentication and adds the local account name and password of the Web application system to the HTTP request after receiving or intercepting the HTTP request submitted to the account name and the password authentication URL, so that the user can log in the Web application system.

This invention utilizes the good architecture design presented by the latest Internet protocol IPv6, combines with safety domain name (DN) service, extends the existed ID verification system functions, realizes the bounding relation between the user ID and recent real IPv6 address to offer a reliable security service for the upper application. In the user management domain, there are a net access control server (NACS), an ID authentication server (IDAS) and a DN server. NACS recognizes the registered user via a 3-element group consisted of user computer source MAC address, the source IPv6 address and the port. IDAS authenticates the user ID recognition and defines related accessing priority. DN server establishes the positive-negative direction relations between user private DN and IPv6 address. This invention provides more effective ID authentication means and possesses a great extendable function to meet the requirement of the future Internet application development.

The invention discloses an intelligent police actual combat comprehensive application platform. The intelligent police actual combat comprehensive application platform comprises a data acquisition platform, a data resource management platform, a business integration platform and an application integration platform, wherein the data acquisition platform is used for acquiring public security basic data of various application business information systems of public security; the data resource management platform is used for storing the acquired various business data and establishing a comprehensive database of public security data, social aspect information, governments and other department information; the business integration platform is used for integrating various information of the data resource management platform and establishing a data warehouse to realize system level and business module level integration, unified login, unified portal and unified business handling functions, business integration of the business systems and business collaboration and data multiplexing of the business systems; and the application integration platform is used for establishing a unified application platform integrating functions of public security intelligence information comprehensive application, intelligence studying and judging comprehensive analysis and police geographic information basis application. The intelligent police actual combat comprehensive application platform can promote public security informatization application to be popularized and deepened, thereby comprehensively improving the overall application level.

The invention provides a single sign-on method. The method comprises the following steps: in response to a login request of a user for a subsystem, reading a shared token by the subsystem from a cookie under the local domain; respectively writing the shared token into the cookie under the local domain of the subsystem and a cookie under the local domain of an sso system when the user passes the login authentication of the sso system; if the shared token is not read in the cookie under the local domain of the subsystem, then sending the user login request to a single sign-on system by the subsystem based on a url address of the single sign-on system through a url redirection way, wherein the user login request carries the url address of the subsystem; reading the shared token by the sso system from the cookie under the local domain; if the shared token is read from the cookie under the local domain of the sso system, then returning the shared token to the subsystem based on the url address of the subsystem through the redirection way; and calling a login authentication interface of the sso system by the subsystem, and submitting the shared token to the sso system and initiating cross-domain single sign-on authentication.

A secure Java Web application page tag library system supported by multiple strategies comprises a secure logging module, a secure context service module, a strategy definition file, a Web secure server subassembly, a Web security responding generator, a secure tag library and a responding page. The secure Java Web application page tag library system can provide various page tags controlled by secure access on a Web page and basically contains expression forms of all page tags in a JSP tag library, thereby providing a set of high-efficiency integral page developing tag library with a secure access control function for developers. The secure Java Web application page tag library supported by multiple strategies can not only accomplish a basic page HTML control component display function but also display visible and available resources of a user according to the own authority of the user after being installed, and the developers need not carrying out extra coding work.

The invention discloses an APP real name authentication secure login system based on a mobile phone IMSI. The system comprises an IMSI authentication APP development SDK, an IMSI authentication server and an IMSI session server. Wherein, the IMSI authentication APP development SDK is provided for a third party APP development manufacturer by an IMSI authentication system, and a third party APP uses the SDK in a development process. The IMSI authentication server receives an authentication login request initiated by the third party APP and returns an authentication result. The IMSI session server registers an authentication login record of the third party APP and manages and records online information of a user APP. In addition, the invention further discloses an APP real name authentication secure login method based on the mobile phone IMSI. By adopting the system and the method disclosed by the invention, the APP application experience of the user is perfected, the login procedure is simplified, the development complexity of the login authentication part of the third party APP manufacturer is reduced, and the development time is shortened.

The invention discloses a single login system, in particular a cross-domain single login system applied to a TV station. The prior single login system can not cross a domain and singly log in among a plurality of browsers simultaneously. The system comprises a lightweight directory access protocol (LDAP) authentication server, a single login server and a single login user terminal, wherein the LDAP authentication server is used for storing the organization structure information and the user information of application systems and authenticating the user information; the single login server submits authentication information or other operation requests to the LDAP authentication server and obtains an authentication result or an operation result from the LDAP authentication server, and the single login user terminal is used for transferring a conversation token among the application systems. The system can realize the single login of all the application systems in different domains in the TV station, and the application systems can be of a B/S or C/S structure.

Embodiments of the invention provide a single sign on method, an application client side, a browser, a terminal and a server. The application client side sends a login request based on the application client side to a network side; when receiving a personal identification request sent from the network side, the application client side invokes the browser and gives an indication that the browser sends an access request with application client side information to the network side, wherein when a user logs in successfully through the browser, the access request also carries login information; if the user fails to login, the access request is used for triggering a login process through the browser so as to obtain a login result based on the browser; and a login result based on the application client side determined by the network side according to the login information or the login result is received. The problem that single sign on of Webs and application programs costs a lot of system resources is solved. The invention relates to the technical field of mobile communication.

The present invention discloses a data center middleware system. According to the data center middleware system, definition of data and registration management of applications are provided, and data is analyzed and defined in a manner of virtual objects; the applications connected to a data center are registered, and data objects associated with each of the applications and read-write permission of the data objects are determined; describing is carried out on definition of the data objects and setting of the applications by creating a data center describing file language (DDL), a describing file based on an XML (X Exrensible Markup Language) format is formed, different development languages can generate localized development components suitable for calling aiming at the file, and the generated development components comprise a data center client service, data object definition and data manipulation API (Application Program Interface). According to the data center middleware system disclosed by the present invention, the uniform data center can be created in a B/S (Brower/Server) mode, data synchronization and uniform identity authentication services can be provided for each of application systems, and a uniform data warehouse can be created by various types of persistent data storage systems.

The invention discloses an authentication and access method. The authentication and access method includes logging on a first server through a user name, generating an authentication mark related to time of logging on the first server after passing authentication, writing the user name and the authentication mark into a database of the first server and databases of one or a plurality of second servers connected with the first server, starting access modules configured at the second servers to read authentication marks from the databases of the second servers according to the user name if the second servers are accessed by the first server according to the user name, comparing the read authentication marks with the authentication mark read from the database of the first server, and being allowed to continue to access the second servers if comparison result is consistent. The invention further provides a corresponding authentication system. By the method and the system, single-point logging on between the two types of servers is achieved, and accordingly integrated authentication efficiency of the authentication system is improved on the whole.

The invention relates to the technical field of electric power system security, in particular to an electric power operation and maintenance security defending system. Internal operation and maintenance staff or external technicians access a server through a client. The electric power operation and maintenance security defending system comprises an operation and maintenance management module which is disposed between the client and the server. The account password information of the server is stored in the operation and maintenance management module which is used for creating an operation and maintenance account and setting authority for the client. The electric power operation and maintenance security defending system has the advantages that single sign-on of an application system requiring electric power operation and maintenance can be achieved, the identity logging in the system can be identified and certified, access and operation can be authorized, operation process can be monitored, violation operation can be stopped, and the whole system is safe and reliable.

The embodiment of the invention discloses a method and device for achieving single sign on of applications in a terminal. The same logging information is set for all the applications in the terminal. The method further includes the steps that when the applications in the terminal log on, logging confirmation messages are read from a sharing storage space; if the logging confirmation messages exist in the sharing storage space, the logging confirmation messages are directly read for logging; if the logging confirmation messages do not exist in the sharing storage space, logging certification is carried out on the applications to obtain the logging confirmation messages and to log on, and meanwhile the obtained logging confirmation messages are stored in the sharing storage space. The embodiment of the invention further discloses a device corresponding to the method. According to the method and device, the same logging information is set for all the applications in the terminal, when the applications log on, the applications read in the logging confirmation messages in the sharing storage space and log on, and therefore single sign on of the applications in the terminal is achieved.

The invention relates to application of a network authorization technology, in particular to a JWT-based authorization method capable of being manually revoked, which is an efficient, recyclable and instantly-updated authorization mechanism based on an access token. The method comprises a program used for providing login certificate verification and a server access token verification process; theprogram for providing the login certificate verification comprises the following steps: 1a, querying user information according to the login certificate; 2a, judging whether the user information can be obtained or not, and generating token ID assembly token data if the user information can be obtained; 3a, performing digital signature on the token data in the 2a; 4a, storing the token informationin a persistent database, and creating an access token record; 5a, setting the token to an X-Access-Token response header, and ending the authentication; 6a, judging whether the user information can be obtained or not in the 2a, and if the user information cannot be obtained, directly ending the authentication.

With the rapid development of a 5G network, traditional cloud computing cannot meet the requirements of edge devices in the aspects of computational analysis, resource processing and the like. Therefore, a multi-access edge computing (MEC) (Multi-Access Edge Computing) is provided. The MEC technology has the characteristic of openness, and is convenient for various service operators to develop and deploy third-party applications based on user service requirements. However, this also causes the resource data stored in the environment to be inevitably subjected to some security and privacy threats. Therefore, in order to ensure the security of the privacy data in the MEC, the invention provides a single sign-on mechanism based on OAuth2.0 and oriented to the MEC environment. The mechanism (1) realizes user identity authentication and authorization oriented to the MEC environment, and ensures the security of resource data in the MEC by verifying the authenticity of user identity information and authorizing the identity access authority; and (2) unified authentication is realized, the repeated registration process of the user is effectively reduced, the user experience is improved, and the management cost of a service operator on account information is reduced at the same time.

The invention discloses a terminal, a server and a login method during application access. The terminal comprises a first acquisition module, a judgment module, a second acquisition module and a login module, wherein the first acquisition module acquires an access request of a terminal application; the judgment module judges whether a current user logins a preset account center according to the access request; when the current user is judged to login in the account center, the second acquisition module acquires temporary authority of the terminal application; the login module exchanges the temporary authority for formal authority to access the terminal application. With the adoption of the scheme, single sign-on between the account center and the application self-established by a terminal manufacturer is realized, repeated login operation of the user can be avoided, the login efficiency and user experience are improved, single sign-on is performed by exchanging the issued temporary authority for the formal authority, the login safety is improved, and the user experience is further improved.

The invention discloses a network customer service and pass management system based on doctor on-line interaction. The system comprises an application logic layer, a single sign-on unit, an object cache unit, a database, a background service unit, a synchronous service unit, a list item and a query and search unit which are mutually connected. The system can more effectively integrate the user resources of a platform, provides more convenient and professional service, can greatly improve the user experience, is favorable for establishing good use public praise, and contributes to wider popularization.

The invention discloses an enterprise management informatization system construction method based on private cloud, which comprises the following steps of: establishing an enterprise informatization basic resource hardware system by adopting a private cloud technology, and providing an informatization resource platform for the interior; establishing a personnel basic database to realize user information multiplexing and single sign-on; classifying and summarizing information of various assets, equipment, materials, products and buildings of the enterprise, and establishing a unified asset information platform; establishing an enterprise-based financial account information database according to the enterprise financial statement and the subject information; and according to the establishedpersonnel basic database, asset information platform and financial account information database, constructing a basic data framework of enterprise resource elements, establishing various information management platforms, and realizing system construction based on a unified data standard in enterprise information management. According to the invention, the resource configuration level is improved,the system resource utilization rate is optimized, the downtime caused by a single-node fault is avoided, and the problems of hardware aging and fault transfer of the system are fundamentally solved.

The invention discloses a multi-terminal fusion territorial resource mobile government affair system based on a heterogeneous network, which mainly relates to the technical field of government affairsystems and comprises an overall architecture module and a security design module, wherein the overall architecture module comprises a mobile office unit, a mobile terminal application, a mobile database, a mobile application server, mobile application software and a mobile configuration management workstation, and the security design module comprises a terminal access security unit, a storage security unit, a transmission security unit, an operation security unit and a mechanism security unit. According to the invention, the unified territorial resource mobile government affair platform of the mobile terminal and the PC terminal is applied as a whole, seamless connection between a territorial resource bureau mobile office application and a government affair system application is realized,and integrated application of the business approval system at the mobile terminal and the PC terminal is realized; and based on a mobile wireless network, high collaborative application with an e-government affair system is realized, and dual expansion and extension of territorial office and government affair application in time and space are completed.

The invention discloses a split terminal single sign-on combined authentication method and system. The method comprises the steps that a BA in an OpenID is redirected to an OP by an RP, and the OP generates a Session Id and pushes the Session Id to the BA; communication is carried out between an AA and the OP according to the Session Id acquired by the AA, the OP instructs the AA to carry out SDALS authentication, and after authentication is carried out between the AA and an IdPDALS, the OP generates a random number Nonce2 and sends the random number Nonce2 to the AA according to an acquired session key K1 between the OP and the AA and an authentication result of the AA; the AA sends the Session Id, the acquired session key K1 and the received random number Nonce2 to the BA; OpenID authentication is carried out on the OP and the RP by the BA according to the Session Id, the session key K1 and the random number Nonce2. According to the split terminal single sign-on combined authentication method and system, single sign-on is achieved based on a split terminal under the condition that a GBA is not arranged, and then various WEB services can be available.

The invention discloses a method for implementing single sign on in a multi-domain environment. In the multi-domain environment, each domain is configured with a Kerberos authentication server, the authentication servers share a credential, and the authentication server of one domain is set as a default authentication server. According to the method, a group policy is set on a domain controller, ascript is executed when a user logs in the domain, and the domain information to which the user belongs is added to a User-Agent identifier of the browser. The default authentication server can redirect users to the authentication server of the belonging domain based on the domain information in this field for Kerberos authentication. By adoption of the method disclosed by the invention, the problem of single sign on of the user in the multi-domain environment is effectively solved, and the user in the domain can access all application systems just by inputting once password during the startup. As the domain authentication servers share the credential, no additional burden is brought to a Web application program, the Web application program only needs to interact with the default authentication server, and just like the single domain environment, the existence of the multi-domain environment does not need to be concerned.

The invention discloses a school educational administration management system. The system comprises a database system and an educational administration management system connected with the database system. The database system is used for acquiring data, exchanging the acquired data according to an exchange rule and then storing the data; the educational administration management system is used forreading and managing data stored in the database system, and the data comprises student data, teacher data, classroom data, semester data, grade data, class data, subject data and course information;the educational administration management system comprises a course selection and arrangement system, and the course selection and arrangement system is used for arranging course schedule data according to course data selected by students and data stored in the database system. By arranging the database system, integration of an existing system, a system to be built, application systems of all departments and future development or operation systems of other units and organizations within a proper range is achieved, and high sharing and exchange of information are achieved on the basis of integration.

The invention provides a single sign-on tamper-proofing method and device, computer equipment and a storage medium. The method comprises the following steps: obtaining first login information of a user logging in a server, associating the first login information with a first tag, generating a private key and a public key which are bound with each other, packaging and encrypting the first tag in the public key, and storing the public key in a session library of the server, thereby realizing the encryption of the tag, and preventing an illegal person from inputting the tag into the session library and directly entering the server; sending the private key to a pre-associated terminal device; obtaining a to-be-verified private key input by the user through the terminal equipment; judging whether the to-be-verified private key is the same as a private key or not, if yes, searching whether a public key corresponding to the private key exists in a session library, if yes, decrypting the public key by the private key to obtain a first label, and obtaining first login information corresponding to the first label to log in a server again through the first login information, thereby realizing single sign-on of a user.