Authentication method and authentication system

Abstract

This application discloses an authentication method and an authentication system. The authentication method includes: sending the distribution request information of the first temporary key to the client server through the user terminal, and generating and sending the distribution request information including the user key account number and the first temporary key to the user terminal after the client server verifies the distribution request information. and the first response information of the session policy information, the client sends the cloud service request information generated based on the first response information to the cloud server through the client, and the cloud service request information carries the user key account number, session policy information and generated using the first temporary key The signature of the cloud service request information is authenticated by the cloud server based on the user key account and session policy information, and the second response information in response to the cloud service request information is sent to the client after the authentication is passed. The authentication method in the embodiment of the present application reduces the interaction process between the client server and the cloud server, and reduces the authentication pressure on the cloud server.

Description

technical field [0001] The present application relates to the technical field of computer network, in particular to the technical field of computer network authentication, especially to an authentication method and an authentication system. Background technique [0002] In public cloud services, customers (such as website owners) need to provide users (such as Internet users) with direct access to resources stored in the cloud (such as audio and video) in web pages or applications, so as to avoid unnecessary transfer of data through the customer's server. network transmission. In order to ensure security, the application programming interface provided by cloud storage is implemented by signing requests with public and private keys. When accessing web pages or applications, public and private keys need to be configured to be used. However, web pages or applications are distributed to users (netizens), and there is a risk that malicious users can decipher the customer's key, ...

AI Technical Summary

Problems solved by technology

[0004] However, the above two technologies have the following risks: 1. Based on the authorization mechanism of key fragments, the interfaces opened by cloud services that support key fragment signatures are fixed. When customers have new needs and need to increase temporary access to the interface , the configuration of the cloud server needs to be upgraded; at the same time, after the malicious user obtains the key fragment, these open interfaces are equivalent to being completely open to it, and there is still the problem that customer data will be destroyed

2. Temporary key mechanism. Every time a web page or application requests a temporary key from the client, the client needs to apply to the cloud’s identity identification and access management system IAM. The customer’s business increases or the customer’s business logic is improper (such as repeatedly applying for temporary keys) key), the pressure on IAM itself is too great, which affects the basic authentication service

Images