Distributed unified authentication method and system

Abstract

The invention relates to a distributed unified authentication method and system. The method comprises: an application server receives identity verification information and sends the information to a corresponding identity authentication sub module; the identity authentication sub module checks whether verification data are stored locally or not; if so, the identity verification information is authenticated based on the verification data; and if not, the identity verification information is sent to a unified identity authentication server to carry out authentication; and the application server executes a corresponding service according to the obtained application server result and corresponding user permission. According to the invention, the unified identity authentication server is used for carrying out centralized management of user identities; and a plurality of distributed identity authentication sub modules are used to provide verification data for corresponding application servers respectively, so that the application servers can carry out identity authentication directly on the identity authentication sub modules. Only when the identity authentication sub modules are lack of verification data dose the unified identity authentication server carry out authentication. Therefore, problems of a single-point fault and performance bottleneck are solved.

Description

technical field [0001] The invention relates to security authentication technology, in particular to a distributed unified authentication method and system. Background technique [0002] In the IT system, authentication service is an important service to protect the interests of customers and system security. At present, the more common authentication services usually use a single centralized system to realize the unified authentication of user identities. Such as figure 1 As shown in , it is a schematic diagram of the unified identity authentication process of the existing single system. The certification process includes the following steps: [0003] Step 101, the user USER wants to log in to the application server AppServer, so the user terminal sends the identity account and password (id, password) to the application server AppServer; [0004] Step 102, the application server AppServer itself does not verify and authenticate the identity account and password (id, pass...

AI Technical Summary

Problems solved by technology

[0008] 1. There are single point of failure and performance bottleneck risks. Once the authentication server that provides centralized authentication services fails, all application servers interacting with it will be unable to implement the identity authentication function, and thus cannot provide services for users. In addition, when there is a high concurrency The identity authentication request will also cause the performance bottleneck pressure of the authentication server;

[0009] 2. For the existing local system, if you want to incorporate the existing single identity authentication system, you need to modify the local system, but because the application service and identity authentication function modules of the existing local system are usually tightly coupled , so the modification amount is relatively large

Images