
Distributed system security authentication method based on JWT

A distributed system security authentication technology, applied in the field of JWT-based distributed system security authentication, that addresses the problems of increased application system development complexity, bloated technical architecture and difficult maintenance, with the effect of saving development and operation and maintenance costs, improving verification performance and ensuring architecture performance.

Pending Publication Date: 2020-03-24
SAIC MAXUS AUTOMOTIVE CO LTD

AI Technical Summary

Problems solved by technology

This solution can provide effective security protection through the third-party platform, but its disadvantage is that the whole system is relatively complicated: it takes 5 requests to access a resource. Although an open source framework can encapsulate the complexity of the system in a dependency package, the additional requests in the resource access process will inevitably cause performance loss.
[0005] Since the security authentication mechanism of a distributed system needs to be composed of two parts, user authentication and service authentication, and the existing mainstream solutions provide two completely different solutions for the two parts, the unity of the security authentication mechanism is difficult to guarantee, often resulting in increased complexity of application system development, bloated technical architecture and difficult maintenance.
[0006] In addition, the definition of JwtToken itself in the prior art limits how the validity period of the token can be set. The validity period is included in the Token body and is part of the plaintext of the signature, so it cannot be modified by subsequent operations. As a result, a JwtToken cannot be actively logged out within its validity period, so it cannot be used for stateful user authentication scenarios.


Examples


Embodiment 1

[0078] The user side maintains the token (Token) in local storage media such as Cookie, localStorage, sessionStorage, etc., which ensures the scalability of the solution.

[0079] The verification method for the user side of the Auth authentication service is: verify the authentication conditions of the user side through a single sign-on system (SSO), etc., and the authentication conditions generally include whether the user name and password are correct or not.

[0080] Referring to attached Figure 2, when the user side accesses the resource provider, the access sequence is as follows:

[0081] Step 1: Build the Auth authentication service and provide a token (Token) issuance interface, which is called by the user side.

[0082] Step 2: The Auth authentication service generates a pair of public key and private key, maintains the private key locally, and provides the public key to all resource providers. The public key is provided to the resource provider offline in advance....

Embodiment 2

[0104] The service party maintains the token (Token) in storage media such as Redis, database, and memory.

[0105] The authentication conditions of the Auth authentication service for the service party generally include whether the service code and the password are consistent or not.

[0106] Referring to attached Figure 3, when the service party accesses the resource provider, the access sequence is as follows:

[0107] Step 1: Build the Auth authentication service and provide a token (Token) issuing interface, which is called by the service party.

[0108] Step 2: The Auth authentication service generates a pair of public key and private key, maintains the private key locally, and provides the public key to all resource providers. The public key is provided to the resource provider offline in advance. The resource provider integrates the Auth dependency package. The Auth dependency package maintains the public key corresponding to the private key carried by the Auth authentication servi...


Abstract

The invention discloses a distributed system security authentication method based on JWT, which comprises the following steps: 1, constructing an Auth authentication service, and providing a token issuing interface which is called by an access party; 2, the Auth authentication service generating a pair of public key and private key, locally maintaining the private key, and providing the public key for all resource providers; 3, the access party requesting an Auth authentication service to obtain the token, and after the Auth authentication service verifies the access party, signing and issuing the token to the access party by using a private key; 4, the access party maintaining the token locally, carrying the token in the request header and requesting the resource provider to access the resource; and 5, the resource provider verifying the token locally through the public key, analyzing the token after the token passes the verification, and providing resources for the access party. The technical scheme of user authentication and service authentication is unified, development, operation and maintenance cost is saved, and the method is suitable for distributed architecture design and can be applied to wider service scenes.
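Steps 2, 3 and 5 of the abstract, together with the validity-period limitation noted in [0006], as an added example that is not code from the patent. It assumes RS256 (RSA with SHA-256) as the signature scheme and the standard `sub`/`iat`/`exp` claims; the function names and the `svc-orders` subject used to exercise it are hypothetical, and the algorithm pinning in the verifier is a hardening check added here.

```javascript
// Added example (not from the patent): the Auth service signs with the private
// key; a resource provider verifies locally using only the public key.
const crypto = require("node:crypto");

const b64u = (v) => Buffer.from(v).toString("base64url");
const unb64u = (s) => Buffer.from(s, "base64url").toString("utf8");

// Step 2: the Auth service generates the key pair and keeps the private key.
const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });

// Step 3: after authenticating the access party, sign and issue the token.
function issueToken(subject, ttlSeconds, now = Math.floor(Date.now() / 1000)) {
  const header = b64u(JSON.stringify({ alg: "RS256", typ: "JWT" }));
  const payload = b64u(JSON.stringify({ sub: subject, iat: now, exp: now + ttlSeconds }));
  const sig = crypto.sign("sha256", Buffer.from(`${header}.${payload}`), privateKey);
  return `${header}.${payload}.${b64u(sig)}`;
}

// Step 5: the resource provider verifies locally, with no call to the Auth service.
function verifyToken(token, pubKey, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split(".");
  if (parts.length !== 3) return { ok: false, reason: "malformed" };
  const [header, payload, sig] = parts;
  let hdr, claims;
  try {
    hdr = JSON.parse(unb64u(header));
    claims = JSON.parse(unb64u(payload));
  } catch {
    return { ok: false, reason: "malformed" };
  }
  // Pin the algorithm: the token must not choose how it gets verified.
  if (hdr?.alg !== "RS256") return { ok: false, reason: "bad-alg" };
  const valid = crypto.verify("sha256", Buffer.from(`${header}.${payload}`),
    pubKey, Buffer.from(sig, "base64url"));
  if (!valid) return { ok: false, reason: "bad-signature" };
  if (typeof claims?.exp !== "number" || now >= claims.exp) {
    return { ok: false, reason: "expired" };
  }
  return { ok: true, claims };
}

// [0006]: exp is part of the signed text, so editing it after issuance
// invalidates the signature; the validity period cannot be changed later.
function extendExpiry(token, extraSeconds) {
  const [header, payload, sig] = token.split(".");
  const claims = JSON.parse(unb64u(payload));
  claims.exp += extraSeconds;
  return `${header}.${b64u(JSON.stringify(claims))}.${sig}`;
}
```

Because the provider checks only the signature and `exp`, a token stays valid until it expires; early logout needs extra server-side state.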

Description

Technical field

[0001] The present invention relates to an identity authentication method in communication technology, in particular to a distributed system security authentication method based on JWT. JWT is JSON Web Token, an identity security token.

Background technique

[0002] In a distributed application system, the security authentication system is the basis of the entire application system, and generally includes two parts: user authentication (that is, system login status) and service authentication (that is, security credentials for mutual calls between background services).

[0003] For user authentication, the commonly used solution in the prior art is Cookie+Session, where the Cookie is data stored on the user's local terminal, Session refers to session control in network applications, and the Session object stores the properties and configuration information needed for a specific user session. That is, a random SessionID ...

Application Information

IPC(8): H04L9/30, H04L9/32, H04L29/06, H04L29/08
CPC: H04L63/08, H04L63/06, H04L9/302, H04L9/3249, H04L9/3213, H04L67/02
Inventor: 陈伟峰
Owner: SAIC MAXUS AUTOMOTIVE CO LTD