Terminal authentication method and device based on single sign-on

Abstract

The embodiment of the invention discloses a terminal authentication method and device based on single sign-on. The method comprises the following steps: a single sign-on server receives log-on evidence generated by a terminal to be authenticated carried in an authentication request of the terminal, wherein the log-on evidence at least comprises a serial number and verification information, the serial number is generated according to an initial random number distributed for the terminal by the single sign-on server and the cumulative number of terminal authentication, and the verification information is generated according to a shared key between the terminal and the single sign-on server; the single sign-on server judges that the terminal to be authenticated passes authentication if the serial number of the terminal to be authenticated is matched with the serial number of a terminal recorded by the single sign-on server; and otherwise, the authentication of the terminal to be authenticated fails. By adopting the method and the device, replay attack is prevented, and the singe log-on efficiency is increased.

Description

technical field [0001] The present invention relates to the technical field of communication, in particular to a terminal authentication method and device based on single sign-on. Background technique [0002] Single Sign On (SSO) is one of the more popular enterprise business integration solutions. Single sign-on technology means that in multiple application systems that support single sign-on, users only need to log in once to access all mutually trusted application systems. At present, a large number of Internet services, especially Web services, use single sign-on technology . Using the single sign-on technology can greatly reduce the password input operation of the user and reduce the number of passwords that the user needs to memorize. At the same time, single sign-on technology can also simplify the development complexity of websites or business platforms, without the need to implement complex user authentication protocols, and without storing massive amounts of aut...

AI Technical Summary

Problems solved by technology

[0017] For the first method, although it prevents the possibility of intercepting the login credentials in the channel and replaying them, it does not prevent the attacker from intercepting the login credentials data from one SP at the source and then accessing another SP, so there are still security issues, and This method requires the communication links between the terminal and IDP and SP to use secure connections such as SSL and TLS, which increases the complexity of the implementation of the terminal and the platform, increases the interaction time, and has low single-sign-on efficiency.

[0018] For the second method, although the one-time login credential basically solves the problem of replay, it requires the terminal to access each SP website to first authenticate to the IDP and request the login credential, which increases the number of interactions for users to access services and prolongs the time spent by users. Waiting time, single sign-on efficiency is low

Images