CN103888265B - A kind of application login system and method based on mobile terminal - Google Patents
- Publication number
- CN103888265B (CN201410144378.9A)
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Landscapes
- Information Transfer Between Computers (AREA)
- Telephonic Communication Services (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a login system and method based on a mobile terminal, comprising an authentication and authorization service module and application on the computer, an authentication and authorization service module on the terminal, an authentication and authorization service on the system, and so on. The user's computer and mobile terminal discover each other by mutual scanning over short-range wireless technology and authenticate according to the chosen authentication mode. When the user logs in to an application, the application sends the login request to the system and, at the same time, to the mobile terminal. After receiving the user's request, the system waits at the system end for the authentication and authorization result for the terminal. After receiving the user's request, the terminal optionally verifies the user's identity according to its security settings and then sends the system data that can authenticate the terminal's identity together with the login request information. The system authenticates and authorizes the terminal based on the data sent by the mobile phone and, if this succeeds, allows the user's application on the access device to log in. Through device discovery and verification and through mobile-terminal-based authentication and authorization, the user is given a convenient, automatic login experience.
Description
Technical field
The present invention relates to the field of Internet and terminal technology, and in particular to an application login system and method based on a mobile terminal.
Background
With the development of Internet technology and terminal software technology, and in particular of the Internet and of terminal technology, an application login system and method based on a mobile terminal has become feasible.
When users use software on devices such as computers, they often have to log in by entering a user name, a password and sometimes a verification code. The steps are cumbersome, and the user has to remember a large amount of login information, namely user names and passwords. The user name and password data are also frequently transmitted over the network, which is a security risk: data in transit can be eavesdropped on and analysed at any node along the path, and passwords can be stolen by Trojan malware on the access device, such as a computer. Users have to spend considerable effort maintaining the login information for different software, and the user experience needs improving. A method is needed that both ensures security and makes login more efficient.
As mobile terminals become more widespread and the share of smart terminals grows rapidly, smart terminals have become indispensable in daily life. Their functions are increasingly powerful, and their extensibility is gradually matching that of traditional devices such as computers and in many cases exceeds it: for example, the touch screen of a mobile terminal supports gesture and text input, and fingerprint recognition or motion sensing can be integrated into the mobile terminal.
Meanwhile, short-range wireless technologies, including Bluetooth, WIFI-DIRECT and NFC, are maturing and spreading to mobile terminals and computers. With short-range wireless technology, devices can scan for and discover nearby devices and exchange data within a small distance, ranging from tens of metres down to a few centimetres.
Therefore, given the privacy and portability of the mobile terminal, the user's mobile terminal is considered as a mechanism for authenticating and authorizing the user, in other words as the user's key to the system. When the user logs in within range of the device, without entering any information or after a simple identity check on the mobile terminal, the system identifies and verifies the user's mobile terminal and, based on the trustworthiness of the mobile terminal, grants the user the corresponding access rights on the access device, such as a computer.
In view of this, the object of the present invention is to propose a simple and practical application login system and method based on a mobile terminal that combines short-range wireless technology and software technology.
Summary of the invention
As can be seen from the above:
The system comprises three parts: a background system, a mobile terminal and an access device. The method comprises the following steps:
1) The user registers with the system, binds the user identity to the mobile terminal, and sets the verification rules among the access device, the mobile terminal and the system;
2) The user's access device and mobile terminal discover each other by mutual scanning over short-range wireless technology and perform one-way or two-way authentication between the devices according to the authentication mode the user selected;
3) When logging in to an application on the access device, the user selects the mobile terminal verification mode; the application sends a login request to the system and, at the same time, to the discovered and verified mobile terminal;
4) After receiving the user's login request, the background system calculates the authentication data and looks up and compares the authentication and authorization data uploaded by the mobile terminal;
5) The mobile terminal receives the user's verification request, verifies the user's identity according to its security settings, and then, using the authentication and authorization algorithm agreed with the system, sends data that can authenticate the mobile terminal's identity together with the login request information to the system for authentication and authorization;
6) The background system authenticates and authorizes the terminal based on the data sent by the mobile terminal and, if this succeeds, allows the user's application on the access device to log in.
Further, the application login system and method based on a mobile terminal provided here gives strong support to the development of terminal-based application login services, meets users' requirements in all respects, and improves the user experience.
To achieve the above object, one aspect of the present invention provides an application login system and method based on a mobile terminal. The system comprises the following.
The background system mainly comprises a registration and binding module, an authentication and authorization module, a data module and an update module, wherein:
The registration and binding module is responsible for registering users and binding user terminals to user identities;
The system authentication and authorization module is responsible for authenticating and authorizing user identities and terminals;
The data module is responsible for storing user data and service data;
The update module is responsible for updating and upgrading the corresponding software on the system, the terminal and the access device.
The mobile terminal mainly comprises a registration and binding module, a scanning and discovery module, a verification module, an authentication and authorization module, a communication module and an update module, wherein:
The registration and binding module is responsible for registering the terminal and user information with the system, which performs the binding;
The scanning and discovery module is responsible for scanning for and discovering the user's login device using short-range wireless protocols, including Bluetooth, WIFI-DIRECT and NFC;
The verification module is responsible for verifying, according to the inter-device verification rules and verification algorithm set by the user, whether other nearby devices are trusted devices, that is, whether a discovered nearby device is one the user registered and designated;
The authentication module is responsible for authenticating and authorizing the user and the device according to the user's access information and the authentication and authorization data calculated by the terminal;
The communication module is responsible for communication and two-way data transfer with verified devices;
The update module is responsible for interacting with the system to upgrade and update the software on the terminal side.
The access device comprises an application login module, a scanning and discovery module, a verification module, a communication module and an update module, wherein:
The login module is responsible for sending the login request to the system and the login verification request to the terminal;
The scanning and discovery module is responsible for scanning for mobile terminals near the access device, so that mobile terminals near the access device can be found;
The verification module is responsible for verifying, according to the verification algorithm, whether a discovered nearby mobile terminal is the terminal device the user registered and bound;
The communication module is responsible for communication and two-way data transfer with terminals that have passed verification;
The update module is responsible for interacting with the system to upgrade and update the software on the access device side.
In one embodiment of the application login system and method based on a mobile terminal provided by the present invention, the method further comprises:
After registering with the system, the user obtains a user identity in the system and the corresponding access rights, and logs in to the system on the terminal with that identity information. The client on the terminal collects terminal feature data and synchronizes it to the system, and obtains the various data distributed by the system that are needed for the verification calculation. The system binds the user and the mobile terminal; after binding succeeds, the user sets the verification rules between the access device and the mobile terminal.
The devices scan for and discover each other over short-range wireless and, according to the inter-device verification rules set by the user, including the inter-device verification mode (one-way or two-way device signature verification, or password verification), use the agreed verification algorithm to check whether a discovered device is trusted. The verification algorithm module exists as an upgradable software module on the system, the terminal and the access device.
The user opens the application to request login to the system. If the user chooses to log in via mobile terminal verification, the application, while sending the login request to the system, sends a login verification request to the nearby mobile terminal device that has already been discovered and verified, asking that verified mobile terminal to perform login verification for the application; the request message contains the user's login request information.
The system receives the application's login request and, based on the user's login request information, performs the authentication and authorization calculation on the system side. It looks up the mobile terminal's authentication and authorization calculation result bound to the current user's login request session and compares it with the result calculated at the system end to determine whether this is a valid request sent by a valid mobile terminal. If the mobile terminal is valid and the calculation results match, the request sent by the mobile terminal is considered valid and the user is allowed to log in on the access device; if the wait times out, the login request is judged to have failed and an error message is returned to the access device.
The mobile terminal receives the user's login verification request. Depending on the user's local security settings, it can verify the user's identity through the terminal's own input methods, including fingerprint recognition, gestures, passwords and other methods the mobile terminal supports; alternatively, it can approve the request from the verified device directly, without user intervention. It then performs the authentication and authorization calculation using the algorithm agreed with the system and the calculation parameters distributed by the system, and sends the calculated data and the login session information to the system. The system authenticates and authorizes the data sent by the mobile terminal and, if this succeeds, allows the user to log in to the application; otherwise it refuses the login.
In one embodiment of the application login system and method based on a mobile terminal provided by the present invention, the method further comprises:
The authentication and authorization modules contained in each component, which authenticate and authorize the user and the mobile terminal, exist as upgradable modules agreed among the components of the system. The specific algorithm and functions can be upgraded and replaced by the update modules of the system, the mobile terminal and the access device, and are not limited to any particular algorithm.
Specifically, the invention has the following advantages:
No password entry:
After registering and binding a terminal, the user does not have to enter a password on the access device, such as a computer, when logging in to an application, and can even log in without entering a user name. The user does not have to remember passwords, which is convenient.
Improved security:
Using the authentication and authorization algorithm, the terminal side and the system side each calculate and submit data that identifies the terminal; the system compares the terminal's data with its own and makes a decision. The user name and password no longer have to be transmitted over the network, which improves security.
To guard against the security problems of a lost terminal, the terminal side can additionally verify the terminal's user through the mobile terminal's own input capabilities and verification devices, including gestures, fingerprint recognition and password entry, further protecting the user.
In addition, the modules responsible for verifying devices and for authenticating and authorizing the user's identity are upgradable software modules; different agreed security algorithms can be adopted through software upgrades, further ensuring security.
Independent channels improve security:
In the traditional mode, login and data transfer use the same channel, and both the computer and the transmission channel may be at risk. Here the login request and the verification data are separated into the data channel of the access device (such as a computer) and the data channel of the mobile terminal (such as a mobile phone). It is difficult to eavesdrop on both channels at once, which further improves security.
Automatic login improves the user experience:
Once devices have automatically scanned for and discovered the registered and bound access device (such as a computer) and mobile terminal (such as a mobile phone or PAD), and verification has matched them as devices the user registered and permitted, login can proceed automatically, improving the user's experience of the service.
Brief description of the drawings
The accompanying drawings described here provide a further understanding of the present invention and form part of this application. The illustrative embodiments of the invention and their description are used to explain the invention and do not unduly limit it. In the drawings:
Fig. 1 is a schematic diagram of the module structure of the system.
Fig. 2 is a schematic diagram of the user information mapping associations in the system.
Fig. 3 is a flow diagram of user registration and binding.
Fig. 4 is a flow diagram of device verification.
Fig. 5 is a flow diagram of the logout service.
Fig. 6 is a flow diagram of the login service.
Detailed description
The present invention is described more fully below with reference to the accompanying drawings, which illustrate exemplary embodiments of the invention.
To achieve the above object, an application login system and method based on a mobile terminal is proposed.
Embodiments of the present invention are described below with reference to the drawings.
The key points in implementing the application login system and method based on a mobile terminal are as follows:
User registration and device binding:
The user registers with the system, and the system assigns user information and permissions. After successful registration, the user accesses the system in the specified manner from the access device (such as a computer) and from the mobile terminal. The mobile terminal side collects the feature information of the user's terminal, comprising hardware feature data and software feature data. Hardware feature data are data in the device that are unique to it, including hardware information of the access host device (such as a computer), for example the CPU serial number and MAC address, and unique data of the mobile terminal, such as the SIM card ID information, device body code, terminal number or MAC address. Software feature data include, for example, the software type and version, together with the calculation parameters distributed by the system, such as a specific Key that the system assigns to the user for use in the calculation. The system binds the user information to the mobile terminal and, optionally, depending on whether the user restricts access devices, also binds the access host device, such as the computer the user uses. When a device requests access to the system, the device's login permission is checked: the device feature information and calculation parameters are processed with the mobile terminal authentication and authorization function, and the result is submitted to the system for verification. If verification succeeds, the device is considered a trusted device of the user and is accepted as belonging to that user.
Meanwhile, the access device (such as a computer) and the mobile terminal can also store each other's feature information and verify it automatically when scanning for and discovering the counterpart device, reducing the connection and verification steps, enabling automatic connection and speeding up data exchange.
Device scanning and verification:
The access device (such as a computer) and the mobile terminal used by the user scan for and discover each other via short-range wireless technology, including Bluetooth, WIFI-DIRECT, NFC or DLNA. After discovery, one-way or two-way device verification is performed according to the settings: for example, the computer verifies whether the phone is the bound phone, or the phone verifies whether the discovered computer is the designated host device. Only devices that pass verification are allowed to exchange data.
Verification methods include computing a hash of the device feature value; or, when the computer requests access to the mobile terminal, having the user enter an access code on the terminal (fingerprint recognition, gesture password or text password) to strengthen access security, after which the respective hash values are verified before the connection is permitted.
Alternatively, automatic calculation and verification can be used: the access device verifies the mobile terminal against the mobile terminal data saved at binding time and then connects automatically, without user intervention.
By default, one-way verification is used, in which the access device (such as a computer) verifies the mobile terminal, so that the user can switch between different computers to access the system.
A simple example of a verification algorithm function: HASH(MAC address of the device to be verified + KEY distributed by the system + timestamp + random number, and other such parameters).
The device to be verified sends the result of the algorithm and some of the parameters, such as the MAC address, to the other party in the query session message or in an accompanying message, and the other party can verify it using the same algorithm.
The verification module is an upgradable and updatable software module; when required, the system can update the specific verification algorithm through the upgrade and update module.
User login:
User login comprises the user's login on the host access device and the verification by the mobile terminal.
The user starts an application on the host access device, such as a computer, and logs in. The login request is sent simultaneously to the system and to the mobile terminal device that has been discovered and verified. The login request message contains the calculated feature value of the access host device and, optionally, the user name, the information of the application being logged in to, a timestamp and other data. After receiving the user's login request, the system checks whether it is a legitimate login, for example whether the user name exists in the system and belongs to a valid user, or whether the request comes from the access host device the user designated. If the login request is legitimate, the system waits for the mobile terminal's verification result; if the login verification request information sent to the mobile terminal passes authentication and authorization, login at the access device is allowed.
After receiving the user's login request message, the mobile terminal optionally verifies the user's login request, by fingerprint recognition, gesture or access password, to judge that it is a legitimate access request; or, according to the user's settings (for example, the user has configured that once the terminal is connected, login requests are verified and processed without fingerprint, gesture or password), it processes the request directly. Using the authentication algorithm agreed with the system, it performs the calculation over the user's login request data and submits the calculated data and some of the original parameters, such as the timestamp and random number, to the system with the request message.
After the user's login request has been sent to the system and to the mobile terminal, the system waits at the system end for the authentication and authorization result from the mobile terminal bound to the user. If the login request data submitted by the user's bound terminal are successfully authenticated within the time limit set by the system, the user is allowed to log in at the access device.
Authentication and authorization:
Authentication and authorization cover the user's devices, comprising the host access device and the user's terminal device. The specific authentication algorithm exists as an upgradable module; the system only needs to perform an upgrade to update and replace the authentication and authorization modules of each component.
After authentication succeeds, the system performs authorization by looking up the permissions assigned when the user of the corresponding device registered, and allows the login request the user sent from the access device.
A simple example: the terminal and the system agree on a specific authentication algorithm, algorithm A. Its input parameters include the user name, terminal feature information, the Client Key distributed by the system, a timestamp and a random number. The terminal calculates a value with the algorithm and submits this value to the system together with the timestamp and terminal feature value. The system performs the same calculation and compares the results; if they match, the terminal is considered to have passed authentication.
As a simple example, the algorithm result and some of the parameters can be submitted in the message:
HASH(user name + terminal feature value + Client Key + random number). The system end calculates and compares using the same method. Some of the parameters, such as the Client Key or the terminal feature value, are not transmitted in the message: they were saved at the system end at registration and binding time, and the system can look them up by user name or ID, which strengthens security.
The terminal feature value is feature data that uniquely represents the terminal. It can be derived from values that uniquely represent the terminal, such as the MAC, MSISDN or device body code, which are mapped, alone or in combination, by a mapping function such as a hash to data that is unique and irreversible.
The authentication algorithm can be continually updated through the upgrade and update module and does not have to use the hash function above; for example, public/private-key digital signatures can also be used to secure the message.
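The terminal-to-system check described in this section, together with the login-session wait and timeout from the login flow, as an added Python example (not code from the patent). It substitutes HMAC-SHA256 over length-prefixed fields for the plain HASH of concatenated parameters, so the Client Key is used as a real key and field boundaries are unambiguous. The function and class names, the session identifier bound into the hash, `SESSION_TTL` and `MAX_SKEW` are assumptions made for the example.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

SESSION_TTL = 30   # assumed: seconds the system waits for the terminal's answer
MAX_SKEW = 60      # assumed: tolerated difference between terminal and system clocks


def encode_fields(*fields: bytes) -> bytes:
    """Length-prefix every field so ("ab", "c") and ("a", "bc") never collide."""
    return b"".join(len(f).to_bytes(4, "big") + f for f in fields)


def feature_value(mac: str, msisdn: str, body_code: str) -> bytes:
    """One-way terminal feature value derived from MAC, MSISDN and body code."""
    return hashlib.sha256(
        encode_fields(mac.encode(), msisdn.encode(), body_code.encode())
    ).digest()


def auth_tag(client_key, username, feature, session_id, timestamp, nonce) -> bytes:
    """Keyed hash over the page's inputs plus the login session it answers."""
    msg = encode_fields(username.encode(), feature, session_id.encode(),
                        str(timestamp).encode(), nonce)
    return hmac.new(client_key, msg, hashlib.sha256).digest()


def terminal_response(client_key, username, feature, session_id, now):
    """Mobile terminal side: returns (timestamp, nonce, tag) for the system.
    The Client Key and the feature value feed the tag but are never sent."""
    nonce = os.urandom(16)
    return now, nonce, auth_tag(client_key, username, feature, session_id, now, nonce)


@dataclass
class System:
    bindings: dict = field(default_factory=dict)  # username -> (client_key, feature)
    pending: dict = field(default_factory=dict)   # session_id -> (username, deadline)

    def register(self, username: str, feature: bytes) -> bytes:
        """Registration and binding: store the feature value, issue a Client Key."""
        client_key = os.urandom(32)
        self.bindings[username] = (client_key, feature)
        return client_key

    def open_login(self, username: str, now: int) -> str:
        """Login request from the access device: start waiting for the terminal."""
        if username not in self.bindings:
            raise KeyError("unknown user")
        session_id = os.urandom(16).hex()
        self.pending[session_id] = (username, now + SESSION_TTL)
        return session_id

    def verify(self, session_id, timestamp, nonce, tag, now) -> str:
        """Terminal's answer: recompute from stored values and compare."""
        entry = self.pending.get(session_id)
        if entry is None:
            return "unknown-session"
        username, deadline = entry
        if now > deadline:
            del self.pending[session_id]
            return "timeout"
        if abs(now - timestamp) > MAX_SKEW:
            return "stale-timestamp"
        client_key, feature = self.bindings[username]
        expected = auth_tag(client_key, username, feature, session_id, timestamp, nonce)
        if not hmac.compare_digest(expected, tag):
            return "bad-tag"
        del self.pending[session_id]  # single use: a replayed answer finds no session
        return "ok"


def demo() -> list:
    """Constructed walk-through; the identifiers below are made-up sample values."""
    system = System()
    feat = feature_value("02:00:00:aa:bb:cc", "15550100", "SAMPLE-BODY-CODE")
    key = system.register("alice", feat)
    results = []

    sid = system.open_login("alice", now=1000)
    answer = terminal_response(key, "alice", feat, sid, now=1002)
    results.append(system.verify(sid, *answer, now=1003))   # bound terminal
    results.append(system.verify(sid, *answer, now=1004))   # same answer replayed

    other = feature_value("02:00:00:dd:ee:ff", "15550199", "OTHER-BODY-CODE")
    sid = system.open_login("alice", now=2000)
    answer = terminal_response(key, "alice", other, sid, now=2001)
    results.append(system.verify(sid, *answer, now=2002))   # terminal that is not bound

    sid = system.open_login("alice", now=3000)
    answer = terminal_response(key, "alice", feat, sid, now=3001)
    results.append(system.verify(sid, *answer, now=3031))   # answer after the deadline
    return results


if __name__ == "__main__":
    print(demo())
```

The device verification formula given earlier, HASH(MAC address + KEY + timestamp + random number), fits the same construction with the MAC address in place of the user name and feature value.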
User logout:
Traditionally, logout is manual or occurs automatically on timeout. In the present invention the user can still log out manually, that is, actively end the logged-in state, or be logged out automatically on timeout. In addition, the system supports logout initiated from the access device after the mobile terminal has been out of range for a set time: when the access device or the mobile terminal finds that the verified nearby device has been out of range for longer than a certain time, it can automatically initiate the logout flow. In this way the user is logged out automatically after leaving the access device, for example after being away from the computer for a certain time.
Update and upgrade:
Each component of the system contains an update and upgrade module. When the system needs to be upgraded, it notifies each component to upgrade its modules, updating and replacing each component's software modules, including the authentication and authorization modules, so that the software and its security are kept up to date.
Main functional modules
As shown in figure 1, a kind of modular structure of application login system and method based on mobile terminal includes access equipment
End, three parts of mobile terminal and system:
Access equipment end refers to apparatus such as computer, and user accesses system using access equipment, includes following module:
Data module 100:Data module is responsible for preserving the various data that the application of access equipment end is related to, can be with database
Or the mode of file is present.
Upgrading update module 101:Upgrading update module is responsible for query software version and the upgrade command according to system end
Conduct interviews and hold the software upgrade and update of application.
Scan module 102:Scan module is responsible for by short-distance wireless technology, comprising bluetooth, WIFI-DIRECT, WIFI,
The wireless technologys such as NFC, scanning access equipment end, such as mobile terminal on computer equipment periphery, comprising mobile phone, PAD etc., obtains equipment
List and request are accessed.
Device authentication module 103:Device authentication module is responsible for verifying that allowance meets checking to the equipment of request access
The equipment access and progress data interaction of rule.
Register binding module 104:Registration binding module is responsible for user's registration of the user in the initiation at access equipment end, and
The access equipment and user's corresponding relation of Request System user bound.
Login module 105:Access equipment end such as computer, user initiates the request module that application is logged in.
Communication module 106:Access equipment end is communicated with system and peripheral equipment, carries out the function mould of data interaction
Block.
The mobile terminal side contains:
Device authentication module 107: verifies devices that request access, and permits devices that satisfy the verification rules to connect and exchange data.
Upgrade and update module 108: the software update and upgrade module of the mobile terminal side; it queries the software version and, according to upgrade commands from the system end, upgrades and updates the application software on the mobile terminal side.
Scanning module 109: uses short-range wireless technologies, including Bluetooth, WIFI-DIRECT, WIFI and NFC, to scan for nearby devices, obtains the device list and requests access.
Certification and authentication module 110: initiates certification and authentication requests from the mobile terminal side to the system.
Registration binding module 111: handles user registration initiated on the mobile terminal side, and requests the system to bind the user's mobile terminal device.
Data module 112: stores the various data used by the application on the mobile terminal side, in the form of a database or files.
Communication module 113: the functional module through which the mobile terminal side communicates and exchanges data with the system and with peripheral devices.
The data transmission channels comprise the data transmission channel 114 used by the access device and the mobile data transmission channel 115 used by the mobile terminal. They include fixed data network and WIFI access, such as a fixed broadband network or access to a fixed broadband network through WIFI, or a data transmission channel over a mobile communication network, such as the data channel of a 3G network.
The system end contains the following functional modules:
Service access interface 116:
The system end provides a data access interface to the access device end, the mobile terminal and third-party applications, which interact with the system through this interface.
Database 117:
The system database, which stores the various business data and provides the various data access functions.
Business logic module 118:
The business logic functional module of the system end, which interacts with each functional module to complete each business logic flow.
Registration and binding module 119:
Provides the user registration service, allocates accounts and permissions to users, binds the mapping relationship between a user and the user's terminal or access device, and manages users.
Certification and authentication module 120:
Certifies and authenticates login requests initiated by the user, including certification and authentication of both the user and the terminal, and permits or refuses the user's access to the system according to the result.
Management configuration module 121:
The management and configuration functional module of the system end, which configures system parameters and manages the system.
Upgrade module 122:
Responsible for upgrading and updating the applications on the access device end and the mobile terminal side; it initiates upgrades and updates of the access device end and the mobile terminal according to system instructions.
OAUTH service 123:
An optional functional module through which the system provides external certification and authentication services to third parties.
System portal 124:
The way in which the system gives users access to and use of the system; users enter the system through the portal, use services and manage services.
Fig. 2 is a schematic diagram of the user information mapping association of the system of the present invention.
As shown in the figure, the system user information mapping association illustrates how user information is associated with access device information and mobile terminal information.
The user's system account information comprises the information necessary for user login. In the figure it contains the user ID or user name, the password processed by hash mapping, and other necessary information about the login account, such as the last login time and the account status.
The user account information is associated with the information of the mobile terminal and the access device through one-way mapping; that is, user account information and mobile device are in a one-to-one relationship. In the figure, the associated information contains the access device characteristic information and the mobile terminal characteristic information processed by a one-way mapping such as a hash algorithm, the indication of the authentication algorithm adopted by the system, the algorithm parameters distributed by the system, such as a specific Key, the ID of the application of the user's current login request, and other extensible mapping information.
Through one-way mapping, the system can use the authentication algorithm to compute over the mapped device information and judge whether the requesting terminal device or access device is trusted, and so decide whether to allow the user to log in to the application.
Fig. 3 is a schematic flow diagram of user registration and binding in the present invention.
As shown in the figure, the user registration and binding flow comprises the following steps:
Step 1: The user registers on the access device and obtains the account information allocated by the system;
Step 2: Depending on whether the user chooses to bind the access device: if the user chooses to bind it, the characteristic information of the access device end is collected, processed and submitted to the system; the system performs the binding and distributes to the access device the key parameters needed by the authentication algorithm, such as the algorithm parameter Key distributed by the system;
Step 3: If the user does not choose to bind the access device information, the flow at the access device end ends;
Step 4: After registering successfully, the user logs in to the system on the mobile terminal with the same account information;
Step 5: The characteristic information of the mobile terminal is collected, processed and submitted to the system; the system performs the binding and distributes to the access device the key parameters needed by the certification algorithm, such as the algorithm parameter Key distributed by the system;
It should also be explained that the user can equally register on the mobile terminal side to obtain user account information and then bind. The flow is consistent with this one, except that the device initiating registration is the mobile terminal; the subsequent steps are the same, so the process is not repeated here.
Fig. 4 is a schematic flow diagram of device verification in the present invention.
As shown in the figure, the device verification flow describes one-way or two-way verification between devices, that is, the access device verifies the mobile terminal, or the mobile terminal also verifies the access device at the same time, to determine whether the peer is a bound and trusted device. It comprises the following steps:
Step 1: The user opens the application, and the application scans for nearby devices;
Step 2: If no device is found, scanning continues. If the user's mobile device is found, the user selects that device and initiates a connection; the access device end then saves the connection information of the mobile device the user selected, as the first choice for the next connection;
Step 3: The mobile device receives the connection request initiated by the access device and, according to the connection security settings the user made on the mobile terminal in advance, judges whether the user needs to intervene in the connection process;
Step 4: If user intervention is required, the user permits this connection on the mobile terminal's connection request interface by fingerprint recognition, gesture operation or password input; if the input is correct, the connection succeeds; if it is incorrect, the connection is not allowed and an error message is shown. If no user intervention is required, the connection to the mobile terminal is made automatically;
Step 5: If the connection succeeds, then according to the device verification settings, verification data is exchanged and one-way or two-way verification is carried out by the verification algorithm to check whether the peer device is a trusted device;
Step 6: If verification succeeds, the peer device is recognized as a trusted device and further operations such as data transmission are allowed; otherwise the flow ends and an error message is reported.
Fig. 5 is a schematic flow diagram of logout in the present invention.
As shown in the figure, the application logout flow describes the automatic logout of an application that the user has logged in to on the access device. It comprises the following steps:
Step 1: The application on the access device checks the logout conditions, which include the time the user has been inactive in the application and whether the terminal device is still within the valid detection range;
Step 2: The access device end detects whether the user's terminal device is within the detection range of the access device. If the mobile terminal is detected to have been out of access range for a certain period of time, the application logs out automatically without the user performing an explicit manual logout; if the terminal is still within detection range, detection of the mobile terminal's range continues;
Step 3: The access device detects whether the time the user has been inactive in the application has reached a certain duration. If it has, the application logs out automatically without the user performing an explicit manual logout; if not, it continues to monitor the user's inactive time;
Step 4: If the application on the access device end receives an explicit manual logout request from the user, it logs out; otherwise it continues to check the user logout conditions;
Wherein, steps 3, 4 and 5 can be detected in parallel, or can be executed serially, without affecting the technical effect of the whole flow.
An example is given below to illustrate the user flow of the mobile-terminal-based application login system and method of the present invention. As shown in Fig. 6, in this embodiment the business flow comprises the following steps:
As shown in the figure, the login service flow is the business flow in which the user of the present invention logs in with the assistance of a mobile terminal. The user only needs to carry the mobile terminal that was registered and bound in advance; coming close to the host device being logged in to achieves quick login. Nearby devices are discovered and identified by short-range wireless technology, preferably Bluetooth; short-range wireless technologies such as WIFI-DIRECT or NFC can also be used.
As shown in the figure, the login service flow of the present invention comprises the following steps:
Step 1: The user starts the application on the access device end. The access device scans and verifies whether a discovered terminal is the mobile terminal the user registered and bound, or the mobile terminal also verifies the access device so that verification is two-way. If the registered and bound mobile terminal is found, the flow continues with step 2; otherwise an error message is reported;
Step 2: In the application on the access device end, the user requests to log in to the system by way of mobile terminal verification;
Step 3: The application on the access device end sends the login request to the system and to the mobile device that has passed verification;
Step 4: The system receives the login request the user sent from the access device end and waits for the verification result status of the corresponding mobile terminal;
Step 5: The mobile terminal receives the login request the user sent from the application device end, calculates the authentication data by the authentication algorithm, and sends to the system the data that allows the system end to authenticate the terminal, together with the request message;
Step 6: The system waits for the result submitted by the mobile communication terminal. If the result arrives within the validity period of the wait, the system uses the authentication algorithm to determine whether it is a correct request message submitted by a legitimate terminal. If it is, the user at the access device end is allowed to log in; if it comes from an illegitimate terminal, login is not allowed; if the wait times out, the login of the user at the access device end is refused;
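The login flow of Fig. 6 (steps 3 to 6) together with the one-way device mapping of Fig. 2, as an added example that is not part of the patent text. The patent leaves the authentication algorithm open, so HMAC-SHA256 over the session data, the 30-second wait, the single-use session, the relay of the session data through the access device, and all class and function names are assumptions.

```python
import hashlib
import hmac
import secrets

WAIT_SECONDS = 30  # assumed validity period for the terminal's answer


def one_way(feature: str) -> str:
    """One-way mapping of device characteristic information (Fig. 2)."""
    return hashlib.sha256(feature.encode()).hexdigest()


def auth_data(key: bytes, user: str, device_map: str, session: dict) -> str:
    """Authentication data bound to one login session (HMAC is an assumption)."""
    msg = "|".join([user, device_map, session["app_id"],
                    session["session_id"], session["nonce"]]).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class BackendSystem:
    def __init__(self):
        self.bindings = {}   # user -> (one-way mapped terminal features, Key)
        self.sessions = {}   # session_id -> pending login request

    def bind_terminal(self, user: str, feature: str) -> bytes:
        """Fig. 3 step 5: bind the terminal and distribute the algorithm Key."""
        key = secrets.token_bytes(32)
        self.bindings[user] = (one_way(feature), key)
        return key

    def open_login(self, user: str, app_id: str, now: float) -> dict:
        """Fig. 6 steps 3-4: record the login request and start waiting."""
        session = {"user": user, "app_id": app_id,
                   "session_id": secrets.token_hex(8),
                   "nonce": secrets.token_hex(16),
                   "expires": now + WAIT_SECONDS}
        self.sessions[session["session_id"]] = session
        return session

    def verify(self, session_id: str, device_map: str, tag: str, now: float) -> str:
        """Fig. 6 step 6: allow, deny, or refuse on timeout."""
        session = self.sessions.pop(session_id, None)  # single use: blocks replay
        if session is None:
            return "denied"
        if now > session["expires"]:
            return "timeout"
        bound = self.bindings.get(session["user"])
        if bound is None or not hmac.compare_digest(bound[0], device_map):
            return "denied"
        expected = auth_data(bound[1], session["user"], bound[0], session)
        return "allowed" if hmac.compare_digest(expected, tag) else "denied"


class MobileTerminal:
    def __init__(self, user: str, feature: str, key: bytes):
        self.user, self.device_map, self.key = user, one_way(feature), key

    def answer(self, session: dict):
        """Fig. 6 step 5: compute authentication data for this request."""
        return self.device_map, auth_data(self.key, self.user, self.device_map, session)


def run_demo() -> dict:
    """Constructed scenario: one bound phone, one terminal with the wrong Key."""
    backend = BackendSystem()
    key = backend.bind_terminal("alice", "constructed-phone-feature-001")
    phone = MobileTerminal("alice", "constructed-phone-feature-001", key)
    rogue = MobileTerminal("alice", "constructed-phone-feature-001", b"\x00" * 32)
    results = {}

    s = backend.open_login("alice", "app-1", now=1000.0)
    results["legitimate"] = backend.verify(s["session_id"], *phone.answer(s), now=1005.0)
    results["replay"] = backend.verify(s["session_id"], *phone.answer(s), now=1006.0)

    s = backend.open_login("alice", "app-1", now=2000.0)
    results["wrong_key"] = backend.verify(s["session_id"], *rogue.answer(s), now=2001.0)

    s = backend.open_login("alice", "app-1", now=3000.0)
    late = 3000.0 + WAIT_SECONDS + 1
    results["late"] = backend.verify(s["session_id"], *phone.answer(s), now=late)
    return results


if __name__ == "__main__":
    print(run_demo())
```

Binding the authentication data to a per-request session ID and nonce, and consuming the session on first use, means a captured answer cannot be resubmitted for a later login request.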
The description of the present invention is given for the sake of example and explanation, and is not exhaustive, nor does it limit the invention to the disclosed form. Many modifications and variations are obvious to a person of ordinary skill in the art. The embodiments were selected and described in order to better illustrate the principle and practical application of the invention, and to enable a person of ordinary skill in the art to understand the invention and so design various embodiments, with various modifications, suited to particular uses.
Claims (8)
1. An application login method based on a mobile terminal, characterised in that the method is based on the following application login system, which comprises three parts, a background system, a mobile terminal and an access device, and the method comprises the following steps:
1) the user registers in the background system, binds the user identity to the mobile terminal, and sets the verification rules among the access device, the mobile terminal and the background system;
2) the user's access device and the user's mobile terminal scan for and discover each other by short-range wireless technology and, according to the authentication mode selected by the user, perform one-way or two-way authentication between the devices;
3) when the user logs in to the application on the access device and selects the mobile terminal verification mode, the application requests login from the system and at the same time initiates a login request to the discovered and authenticated mobile terminal;
4) after receiving the user's login request, the background system calculates authentication data in the background system, and queries and compares the certification and authorization data uploaded by the mobile terminal;
5) the mobile terminal receives the user's verification request; after verifying the user identity according to its security settings, the mobile terminal, according to the certification and authentication algorithm agreed with the background system, sends the data that can authenticate the mobile terminal's identity, together with the login request information, to the background system for certification and authentication;
6) the background system performs certification and authentication of the terminal on the data sent by the mobile terminal and, if it passes, allows the user's application on the access device to log in.
2. The method as claimed in claim 1, in which the user registers in the background system, binds the user identity to the mobile terminal, and sets the verification rules among the access device, the mobile terminal and the background system, characterised in that, after registering in the background system, the user obtains a user identity of the background system and the corresponding access rights, and uses the obtained user access identity information to log in to the system on the terminal; the client terminal collects the terminal characteristic data, synchronizes it to the background system, and obtains the various data distributed by the background system that are required for the verification calculation; the background system binds the user and the mobile terminal; after the binding succeeds, the user sets the verification rules between the access device and the mobile terminal device.
3. The method as claimed in claim 1, in which the user's access device and the user's mobile terminal scan for and discover each other by short-range wireless technology and, according to the verification rules set by the user, perform one-way or two-way authentication between the devices, characterised in that the devices scan for and discover each other by short-range wireless and, according to the verification rules the user has set between the devices, which comprise the verification mode between devices, including one-way or two-way device signature verification and password authentication, verify by the agreed verification algorithm whether the discovered device is trusted; the verification algorithm module exists as a scalable software module in the background system, the mobile terminal and the access device.
4. The method as claimed in claim 1, in which the user selects the mobile terminal verification mode when logging in to the application on the access device, and the application, while requesting login from the system, initiates a login request to the discovered and authenticated mobile terminal, characterised in that the user opens the application to request login to the system; when the user chooses to log in through mobile terminal verification, the application, while sending the login request to the system, sends a login verification request to the discovered and authenticated mobile terminal device present nearby, requesting the authenticated mobile terminal to verify the application login, the request message containing the user's login request information.
5. The method as claimed in claim 1, in which the background system, after receiving the user's login request, calculates the certification and authorization data at the background system end, and queries and compares the authentication data uploaded by the mobile terminal, characterised in that the background system receives the application login request, performs the certification and authentication calculation according to the information of the user's login request, queries in the background system the mobile terminal certification and authentication calculation result information bound to the current user's login request session, compares it with the calculation result at the background system end, and determines whether it is a valid request sent by a valid mobile terminal; if it is a valid mobile terminal and the certification and authentication calculation results are consistent, the request sent by the mobile terminal is considered valid and the user is allowed to log in on the access device; if the wait times out, this user login request is judged to have failed and an error message is returned to the access device.
6. The method as claimed in claim 1, in which the mobile terminal receives the user's verification request and, after verifying the user identity according to its security settings, sends the data that can authenticate the mobile terminal's identity, together with the login request information, to the background system for authentication and certification according to the certification and authentication algorithm agreed with the background system, characterised in that the mobile terminal receives the user's login verification request information; according to the user's local security settings, the mobile terminal can verify the user identity through the terminal's own input means, including fingerprint recognition, gesture, password and other modes the mobile terminal supports, and can also directly approve the request information of the authenticated terminal without user intervention; the certification and authentication calculation is performed according to the certification and authentication algorithm agreed with the background system and the calculation parameters distributed by the background system; the data calculated by the mobile terminal's certification and authentication algorithm and the login session information are sent to the system for certification and authentication; the background system performs authentication and certification on the data sent by the mobile terminal and, if it passes, allows the user to log in to the application, otherwise refuses this login.
7. An application login system for performing the method as claimed in claim 1, the system comprising three parts, a background system, a mobile terminal and an access device, characterised in that:
The background system mainly comprises:
a registration and binding module, a certification and authentication module, a data module and an update module, wherein the registration and binding module is responsible for the registration of users and the binding of user terminals to user identities;
the certification and authentication module is responsible for the certification and authentication of user identities and terminals;
the data module is responsible for storing user data and business data;
the update module is responsible for the software updating and upgrading of the background system, the mobile terminal and the access device end.
The mobile terminal mainly comprises:
a registration and binding module, a scanning and discovery module, an authentication module, a certification and authentication module, a communication module and an update module, wherein:
the registration and binding module is responsible for registering terminal and user information with the background system, which performs the binding; the scanning and discovery module is responsible for scanning for and discovering the user's login device according to short-range wireless protocols, including the Bluetooth, WIFI-DIRECT and NFC short-range wireless technologies; the authentication module is responsible for verifying, according to the inter-device verification rules and verification algorithm set by the user, whether other nearby devices are trusted devices;
the authentication module is responsible for verifying, according to the verification algorithm, whether a discovered nearby device is the device registered and specified by the user;
the certification and authentication module is responsible for certifying and authenticating the user and the device according to the user's access information and the certification and authorization data calculated by the terminal;
the communication module is responsible for communication and two-way data transmission with authenticated devices;
the update module is responsible for interacting with the background system to upgrade and update the software on the terminal side.
The access device comprises: an application login module, a scanning and discovery module, an authentication module, a communication module and an update module;
wherein the login module is responsible for initiating the login request to the background system and the login verification request to the terminal; the scanning and discovery module is responsible for scanning for mobile terminals in the vicinity of the access device, so that a mobile terminal can be scanned in the vicinity of the access device; the authentication module is responsible for verifying, according to the verification algorithm, whether a discovered nearby mobile terminal is the terminal device registered and bound by the user; the communication module is responsible for communication and two-way data transmission with terminals that have passed verification; and the update module is responsible for interacting with the background system to upgrade and update the software on the access device side.
8. The system as claimed in claim 7, characterised in that the certification and authentication module contained in each part certifies and authenticates the user and the mobile terminal, and exists in each part of the application login system as a scalable module; its specific algorithm and functions can be upgraded and replaced through the update modules of the background system, the mobile terminal and the access device, and it is not limited to a specific algorithm.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410144378.9A CN103888265B (en) | 2014-04-11 | 2014-04-11 | A kind of application login system and method based on mobile terminal |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410144378.9A CN103888265B (en) | 2014-04-11 | 2014-04-11 | A kind of application login system and method based on mobile terminal |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103888265A CN103888265A (en) | 2014-06-25 |
CN103888265B (en) | 2017-07-25 |
Family
ID=50956993
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410144378.9A Active CN103888265B (en) | 2014-04-11 | 2014-04-11 | A kind of application login system and method based on mobile terminal |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103888265B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107770150A (en) * | 2017-08-25 | 2018-03-06 | 北京元心科技有限公司 | Terminal protecting method and device |
Families Citing this family (31)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9674768B2 (en) | 2014-07-28 | 2017-06-06 | Xiaomi Inc. | Method and device for accessing wireless network |
CN104185304B (en) * | 2014-07-28 | 2015-12-30 | 小米科技有限责任公司 | A kind of method and device accessing WI-FI network |
CN105530224B (en) * | 2014-09-30 | 2019-01-25 | 中国电信股份有限公司 | The method and apparatus of terminal authentication |
US9736135B2 (en) * | 2014-10-17 | 2017-08-15 | Lam Research Corporation | Method, apparatus, and system for establishing a virtual tether between a mobile device and a semiconductor processing tool |
CN104349194A (en) * | 2014-10-24 | 2015-02-11 | 深圳市嘉乐派科技有限公司 | System and method for carrying out identity identification in Internet television box |
CN105681261A (en) * | 2014-11-19 | 2016-06-15 | 小米科技有限责任公司 | Security authentication method and apparatus |
CN104468582B (en) * | 2014-12-11 | 2021-12-14 | 苏州海博智能系统有限公司 | Authentication and authorization method and system for user information |
CN104618401A (en) * | 2015-03-10 | 2015-05-13 | 四川省宁潮科技有限公司 | Real-name system-based wifi one-key logging method |
CN104834867B (en) * | 2015-04-01 | 2019-01-18 | 惠州Tcl移动通信有限公司 | The method and system of electronic equipment privacy protection are realized based on bluetooth |
CN104836794B (en) * | 2015-04-01 | 2019-01-04 | Tcl通讯科技(成都)有限公司 | The method and system of electronic equipment privacy protection are realized based on WIFI hot spot |
CN105447364B (en) * | 2015-04-30 | 2019-01-25 | 上海眼神信息服务有限公司 | The method, apparatus and system that remote biometric identification logs in |
KR102398167B1 (en) * | 2015-07-02 | 2022-05-17 | 삼성전자주식회사 | User device, method for setting password thereof, and operating method for setting and confirming password thereof |
CN105099704B (en) * | 2015-08-13 | 2018-12-28 | 上海博路信息技术有限公司 | A kind of OAuth service based on bio-identification |
CN105337997B (en) * | 2015-11-30 | 2020-10-23 | 广州华多网络科技有限公司 | Login method of application client and related equipment |
CN105471891A (en) * | 2015-12-28 | 2016-04-06 | 湖南蚁坊软件有限公司 | Login method based on confidential order of trusted equipment |
WO2017124523A1 (en) * | 2016-01-24 | 2017-07-27 | 何兰 | Information pushing method when file is accessed, and fingerprint system |
CN107786326A (en) * | 2016-08-25 | 2018-03-09 | 大连楼兰科技股份有限公司 | Apply the sharing method in the verification of car networking dynamic password |
CN107786338B (en) * | 2016-08-25 | 2021-04-27 | 大连楼兰科技股份有限公司 | Shared platform in dynamic password verification |
US10389731B2 (en) * | 2016-11-22 | 2019-08-20 | Microsoft Technology Licensing, Llc | Multi-factor authentication using positioning data |
CN107911364B (en) * | 2017-11-16 | 2018-09-11 | 国网山东省电力公司 | A kind of Verification System based on fingerprint recognition caching |
CN108024249B (en) * | 2017-11-30 | 2021-08-06 | 郑州云海信息技术有限公司 | Method and system for preventing wifi brute force from being cracked |
CN108564688A (en) * | 2018-03-21 | 2018-09-21 | 阿里巴巴集团控股有限公司 | The method and device and electronic equipment of authentication |
CN109167766B (en) * | 2018-08-17 | 2021-08-31 | 陕西鑫创互娱网络科技有限公司 | Network platform login verification method and system based on mobile terminal verification |
CN109583160A (en) * | 2018-11-21 | 2019-04-05 | 安徽云融信息技术有限公司 | Computer opening identity authentication system and its authentication method |
CN109522695A (en) * | 2018-11-30 | 2019-03-26 | 努比亚技术有限公司 | Application program login method, computer end, mobile terminal, system and storage medium |
CN109558718A (en) * | 2018-11-30 | 2019-04-02 | 努比亚技术有限公司 | Application program login method, computer end, mobile terminal, system and storage medium |
CN110245499B (en) * | 2019-05-08 | 2023-02-28 | 深圳丝路天地电子商务有限公司 | Web application authority management method and system |
CN112685702A (en) * | 2020-02-28 | 2021-04-20 | 乐清市川嘉电气科技有限公司 | Intelligent dynamic authorization system for external visitors |
CN111683092B (en) * | 2020-06-09 | 2022-07-26 | 上海泛微网络科技股份有限公司 | Workflow submitting method, device, equipment and storage medium |
CN116800544B (en) * | 2023-08-21 | 2023-11-24 | 成都数智创新精益科技有限公司 | User authentication method, system and device and medium |
CN117596237B (en) * | 2024-01-19 | 2024-04-19 | 安擎计算机信息股份有限公司 | Mobile terminal-based server remote control system and method |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101064535A (en) * | 2007-04-12 | 2007-10-31 | 复旦大学 | Intelligent authentication method and system based on close range wireless communication handset |
CN101677442A (en) * | 2008-09-17 | 2010-03-24 | 艾威梯科技(北京)有限公司 | Method and equipment for automatically logging in application programs |
CN103327487A (en) * | 2012-03-19 | 2013-09-25 | 上海博路信息技术有限公司 | Remote certification authentication service system |
CN103378876A (en) * | 2012-04-16 | 2013-10-30 | 上海博路信息技术有限公司 | Bluetooth-based terminal unlocking method |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20130268687A1 (en) * | 2012-04-09 | 2013-10-10 | Mcafee, Inc. | Wireless token device |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107770150A (en) * | 2017-08-25 | 2018-03-06 | 北京元心科技有限公司 | Terminal protecting method and device |
CN107770150B (en) * | 2017-08-25 | 2020-09-22 | 北京元心科技有限公司 | Terminal protection method and device |
Also Published As
Publication number | Publication date |
---|---|
CN103888265A (en) | 2014-06-25 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103888265B (en) | | A kind of application login system and method based on mobile terminal |
US8701199B1 (en) | | Establishing a trusted session from a non-web client using adaptive authentication |
US9451454B2 (en) | | Mobile device identification for secure device access |
CN107211026A (en) | | It is intended to the method and apparatus of checking for the user authentication in mobile device and the mankind |
CN103856332A (en) | | Implementation method of one-to-multiple account mapping binding of convenient and rapid multi-screen multi-factor WEB identity authentication |
CN103986584A (en) | | Double-factor identity verification method based on intelligent equipment |
CN101986598B (en) | | Authentication method, server and system |
CN103200159B (en) | | A kind of Network Access Method and equipment |
CN101557406A (en) | | User terminal authentication method, device and system thereof |
CN103401880A (en) | | Automatic login industrial control system and control method |
CN106488453A (en) | | A kind of method and system of portal certification |
CN103327487A (en) | | Remote certification authentication service system |
CN103986734B (en) | | Authentication management method and authentication management system applicable to high-security service system |
CN110022215A (en) | | Industrial automation equipment and cloud service |
CN105376208A (en) | | Secure data verification method, system and computer readable storage medium |
CN106230824A (en) | | A kind of mobile device authentic authentication system and method |
WO2019056971A1 (en) | | Authentication method and device |
CN106161475A (en) | | The implementation method of subscription authentication and device |
CN107819728A (en) | | Method for network authorization, relevant apparatus |
CN113765655A (en) | | Access control method, device, equipment and storage medium |
CN106452763A (en) | | Method for employing cipher key through remote virtual USB device |
CN102420808B (en) | | Method for realizing single signon on telecom on-line business hall |
CN105450646A (en) | | Local area network connection realization method for network refrigerator and user information security authentication method |
CN105357224A (en) | | Intelligent household gateway register, remove method and system |
CN103428161A (en) | | Phone authentication service system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
TR01 | Transfer of patent right | Effective date of registration: 20240515. Address after: 071799, No. 5-316, North Side 279 Wenchang Street, Xiongxian County, Xiong'an New Area, Hebei Province. Patentee after: Hebei Xiong'an Xiangma Technology Co.,Ltd. Country or region after: China. Address before: Room 601, 77 Lane 2688, Hunan Road, Pudong New Area, Shanghai, 201315. Patentee before: SHANGHAI BOLU INFORMATION TECHNOLOGY Co.,Ltd. Country or region before: China |