CN107404488B - Method and device for mutual exclusion of multiple terminal devices in same application - Google Patents
Method and device for mutual exclusion of multiple terminal devices in same application Download PDFInfo
- Publication number
- CN107404488B CN107404488B CN201710667889.2A CN201710667889A CN107404488B CN 107404488 B CN107404488 B CN 107404488B CN 201710667889 A CN201710667889 A CN 201710667889A CN 107404488 B CN107404488 B CN 107404488B
- Authority
- CN
- China
- Prior art keywords
- token
- application
- user
- identifier
- database
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 39
- 230000007717 exclusion Effects 0.000 title claims abstract description 37
- 238000012545 processing Methods 0.000 claims description 19
- 238000012795 verification Methods 0.000 claims description 12
- 230000008569 process Effects 0.000 description 7
- 230000003993 interaction Effects 0.000 description 4
- 238000004891 communication Methods 0.000 description 3
- 238000010586 diagram Methods 0.000 description 2
- 230000008901 benefit Effects 0.000 description 1
- 230000008878 coupling Effects 0.000 description 1
- 238000010168 coupling process Methods 0.000 description 1
- 238000005859 coupling reaction Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
- H04L9/3213—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Telephonic Communication Services (AREA)
Abstract
The embodiment of the invention provides a mutual exclusion method and a mutual exclusion device for multiple terminal devices in the same application, wherein the method comprises the following steps: receiving an access message of a user accessing a first application authority interface through first terminal equipment, wherein the access message comprises a first token and a user identifier; comparing whether the first token in the access message is the same as a token of a first application group identifier corresponding to the user identifier and stored in a database or not according to the user identifier; if the first terminal device is the same as the second terminal device, sending an instruction for allowing the user to access the first application permission interface through the first terminal device to the first terminal device; and if not, sending a prompt message to the first terminal equipment to prompt the user of the multi-terminal equipment login conflict. By adopting the method provided by the embodiment of the invention, the mutual exclusion of multiple terminal devices in the same application can be realized without depending on the terminal device identification.
Description
Technical Field
The invention belongs to the technical field of communication, and particularly relates to a mutual exclusion method and device for multiple terminal devices in the same application.
Background
With the rapid development of communication technology, various applications on terminal devices are continuously enriching the communication and life of people. People can access applications at different locations using different terminal devices. However, the same application requires that login operations cannot be performed simultaneously on different terminal devices. For example: WeChat or payment treasures and the like relate to the application of sensitive information, and in order to avoid operation conflicts, the user is required to be incapable of logging in to different terminal devices at the same time. And the user logs in the equipment A by using the user identifier and the password, and logs in the equipment B by using the user identifier and the password, so that the access of the user identifier on the equipment A is forcibly quitted.
Currently, most of the methods for mutual exclusion of multiple terminal devices in the same application allocate a unique terminal device identifier to each terminal device, and determine whether there is a multiple-terminal conflict situation according to the user identifier and the terminal device identifier. However, the terminal device identifier of the terminal device is difficult to obtain, the terminal device is bound with the user, the terminal device has strong coupling, and multiple terminal devices in the same application are mutually exclusive and need to rely on the obtaining of the terminal device identifier. The inventor finds out in the process of implementing the invention that how to implement multi-terminal mutual exclusion of the same application without depending on the terminal equipment identification is a problem to be solved.
Disclosure of Invention
In summary, the embodiments of the present invention provide a method and an apparatus for mutual exclusion of multiple terminal devices in the same application, which can implement mutual exclusion of multiple terminal devices in the same application without depending on the terminal device identifier.
In a first aspect, an embodiment of the present invention provides a method for mutual exclusion of multiple terminal devices in a same application, where the method includes: receiving an access message of a user accessing a first application authority interface through first terminal equipment, wherein the access message comprises a first token and a user identifier; comparing whether the first token in the access message is the same as a token of a first application group identifier corresponding to the user identifier and stored in a database or not according to the user identifier; if the first terminal device is the same as the second terminal device, sending an instruction for allowing the user to access the first application permission interface through the first terminal device to the first terminal device; and if not, sending a prompt message to the first terminal equipment to prompt the user of the multi-terminal equipment login conflict.
Further, the method further comprises: receiving a login request message of the user for logging in the first application through the first terminal device, wherein the login request message comprises an identifier of the first application corresponding to the first terminal device, the user identifier and a password; when the user identification and the password pass the verification, distributing and issuing the first token to the first terminal equipment, wherein the first token comprises the identification of the first application corresponding to the first terminal equipment and the user identification; and storing the first token in a database, wherein the first token corresponds to a first application group identifier corresponding to the user identifier, and identifiers of different terminals of the user corresponding to the first application form a group corresponding to the first application group identifier.
Further, the comparing, according to the user identifier, whether the first token in the access message is the same as a token of a first application group identifier corresponding to the user identifier stored in a database specifically includes: according to the user identification in a first token in the received access message and the identification of a first terminal device corresponding to the first application, searching the first application group identification corresponding to the user identification in the database, and acquiring the token corresponding to the first application group identification stored in the database; and when the token corresponding to the first application group identifier stored in the database is the first token, the comparison results are the same.
Further, the method further comprises: receiving a login request message of the user for logging in the first application through second terminal equipment, wherein the login request message comprises an identifier of the first application corresponding to the second terminal equipment, the user identifier and the password; when the user identification and the password pass the verification, distributing and issuing a second token to the second terminal equipment, wherein the second token comprises the identification and the user identification of the second terminal equipment corresponding to the first application; and storing the second token in a database, wherein the second token corresponds to the first application group identifier corresponding to the user identifier, the first token is covered by the second token, and the first token is invalid.
Further, the comparing, according to the user identifier, whether the first token in the access message is the same as a token of a first application group identifier corresponding to the user identifier stored in a database specifically includes: according to the user identification in a first token in the received access message and the identification of a first terminal device corresponding to the first application, searching the first application group identification corresponding to the user identification in the database, and acquiring the token corresponding to the first application group identification stored in the database; and when the token corresponding to the first application group identifier stored in the database is the second token, the comparison result is different.
Further, the token of the first application group identifier corresponding to the user identifier stored in the database is only valid for the latest stored token.
In a second aspect, an embodiment of the present invention provides a device for mutual exclusion for multiple terminal devices using the same application, including: the system comprises a receiving unit, a processing unit, a database and a sending unit, wherein the receiving unit is used for receiving an access message of a user accessing a first application authority interface through first terminal equipment, and the access message comprises a first token and a user identifier; the database is used for storing tokens of the first application group identification corresponding to the user identification; the processing unit is configured to compare, according to the user identifier, whether the first token in the access message is the same as a token of a first application group identifier corresponding to the user identifier stored in the database; if the first application authority interface is the same as the second application authority interface, the sending unit sends an instruction allowing the user to access the first application authority interface through the first terminal device to the first terminal device; and if not, the sending unit sends a prompt message to the first terminal device to prompt the user that the multiple terminal devices are in login conflict.
Further, the receiving unit is further configured to receive a login request message that the user logs in the first application through the first terminal device, where the login request message includes an identifier of the first application corresponding to the first terminal device, the user identifier, and a password; the processing unit is further configured to allocate and issue the first token to the first terminal device through the sending unit after the user identifier and the password pass verification, where the first token includes an identifier of the first terminal device corresponding to the first application and the user identifier; the database is further configured to store the first token, where the first token corresponds to a first application group identifier corresponding to the user identifier, and identifiers of different terminals of the user corresponding to the first application form a group corresponding to the first application group identifier.
Further, the comparing, by the processing unit, whether the first token in the access message is the same as the token of the first application group identifier corresponding to the user identifier stored in the database according to the user identifier specifically includes: according to the user identification in a first token in the received access message and the identification of a first terminal device corresponding to the first application, searching the first application group identification corresponding to the user identification in the database, and acquiring the token corresponding to the first application group identification stored in the database; and when the token corresponding to the first application group identifier stored in the database is the first token, the comparison results are the same.
Further, the receiving unit is further configured to receive a login request message that the user logs in the first application through a second terminal device, where the login request message includes an identifier of the second terminal device corresponding to the first application, the user identifier, and the password; the processing unit is further configured to allocate and issue a second token to the second terminal device through the sending unit after the user identifier and the password pass verification, where the second token includes an identifier of the second terminal device corresponding to the first application and the user identifier; the database is further configured to store the second token, where the second token corresponds to the first application group identifier corresponding to the user identifier, the first token is covered by the second token, and the first token is invalid.
Further, the comparing, by the processing unit, whether the first token in the access message is the same as the token of the first application group identifier corresponding to the user identifier stored in the database according to the user identifier specifically includes: according to the user identification in a first token in the received access message and the identification of a first terminal device corresponding to the first application, searching the first application group identification corresponding to the user identification in the database, and acquiring the token corresponding to the first application group identification stored in the database; and when the token corresponding to the first application group identifier stored in the database is the second token, the comparison result is different.
Further, the token of the first application group identifier corresponding to the user identifier stored in the database is only valid for the latest stored token.
According to the same-application multi-terminal mutual exclusion method and device provided by the embodiment of the invention, different tokens are distributed to a user for logging in the same application through different terminal equipment, and meanwhile, the unique and effective tokens corresponding to the same application group identifiers of the different terminal equipment of the user are ensured to be stored in the database. The user identification and the terminal equipment identification accessing the same application have no strong binding relation, so that the session process of acquiring the terminal equipment identification is reduced, the interaction burden of the server is reduced, and the access efficiency and the safety of the application are improved.
Drawings
While the drawings needed to describe the invention or prior art arrangements in a more complete description of the embodiments or prior art are briefly described below, it should be apparent that the drawings described below are illustrative of some embodiments of the invention and that other drawings may be derived therefrom by those skilled in the art without the benefit of the inventive faculty.
Fig. 1 is a flowchart illustrating a mutual exclusion method for multiple terminal devices using the same application according to an embodiment of the present invention;
fig. 2 is a flowchart illustrating a mutual exclusion method for multiple terminal devices in the same application according to a second embodiment of the present invention;
fig. 3 is a flowchart illustrating a method for mutual exclusion by multiple terminal devices in the same application according to a third embodiment of the present invention;
fig. 4 is a schematic structural diagram of a composition of a mutual exclusion apparatus for multiple terminal devices applying the same application according to an embodiment of the present invention.
Detailed Description
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention. It is to be understood that the described embodiments are merely illustrative of some, but not all, of the embodiments of the invention, and that the preferred embodiments of the invention are shown in the drawings. This invention may be embodied in many different forms and should not be construed as limited to the embodiments set forth herein, but rather should be construed as broadly as the present disclosure is set forth in order to provide a more thorough understanding thereof. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. The terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. The terms "first," "second," and the like in the description and claims of the present invention and in the above-described drawings are used for distinguishing between different objects and not for describing a particular order. Furthermore, the terms "include" and "have," as well as any variations thereof, are intended to cover non-exclusive inclusions. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those steps or elements listed, but may alternatively include other steps or elements not listed, or inherent to such process, method, article, or apparatus.
Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the invention. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It is explicitly and implicitly understood by one skilled in the art that the embodiments described herein can be combined with other embodiments.
Example one
The embodiment of the invention provides a method for mutual exclusion of multiple terminals in the same application, based on an OAuth2.0 protocol, a user logs in the same application through different terminal equipment to distribute different tokens (tokens), meanwhile, a database is ensured to only store the tokens which are unique and effective corresponding to the same application group identifier of the user, when the user uses a certain terminal equipment to access the same application authority interface, the comparison of the two tokens ensures that the user can only pass Token authentication through the certain terminal equipment at the same time, and the problem of realizing mutual exclusion of the multiple terminals in the same application without depending on the terminal equipment identifier is solved.
Fig. 1 is a flowchart illustrating a method for mutual exclusion between multiple terminals in a same application according to an embodiment of the present invention.
Step S1001: and receiving a login request message of a user for logging in the first application through the first terminal equipment, wherein the login request message comprises an identifier, a user identifier and a password of the first application corresponding to the first terminal equipment.
In the embodiment of the present invention, the same application is accessed through different terminal devices, and different application identifiers are configured, for example: the same application is accessed through an Android terminal device and an iOS terminal device, different application identifiers are respectively configured, and the application identifiers are respectively defined as: the identifier of the first application corresponding to the first terminal device and the identifier of the first application corresponding to the second terminal device, and so on, may further include: an identification of the first application to the third terminal device, an identification of the first application to the fourth terminal device, etc.
Step S1002: and when the user identifier and the password pass the verification, distributing and issuing a first token to the first terminal equipment, wherein the first token comprises the identifier and the user identifier of the first terminal equipment corresponding to the first application.
In the embodiment of the invention, the server side allocates a token for each user who passes the application login authentication and is used for authorized operation request based on the terminal equipment. For example: a user logs in a first application through a first terminal device and allocates a first token to the first terminal device, and a user logs in the first application through a second terminal device and allocates a second token to the second terminal device.
Step S1003: and storing the first token in a database, wherein the first token corresponds to a first application group identifier corresponding to the user identifier, and identifiers of different terminals of the user corresponding to the first application form a group corresponding to the first application group identifier.
In the embodiment of the invention, in order to facilitate the management of the token aiming at the user to access a certain application by the database, the group identification of the same application is set, and the identifications of different terminals of the same application corresponding to the user form a group corresponding to the first application group identification. For example: the first application group identity corresponds to an identity of the first application to the first terminal device, the first application to the second terminal device, the first application to the third terminal device, and the first application to the fourth terminal device, and so on. And only one token is valid under the same application group identifier corresponding to the same user and stored in the database. Typically, the latest token assigned to the user on the server side is stored in the database valid, and the previous token is overwritten and invalidated. Thereby guaranteeing the mutual exclusion of the same application accessed by different terminals at the same time.
Step S1004: and receiving an access message of the user accessing a first application authority interface through first terminal equipment, wherein the access message comprises the first token and the user identifier.
Step S1005: comparing whether a first token in the access message is the same as a token of a first application group identifier corresponding to the user identifier stored in the database or not according to the user identifier; when the same, step S1006 is performed; when not identical, step S1007 is executed.
In the embodiment of the present invention, according to the user identifier in the first token in the received access message and the identifier of the first terminal device corresponding to the first application, the first application group identifier corresponding to the user identifier is searched in the database, and the token corresponding to the first application group identifier stored in the database is obtained. And when the token corresponding to the first application group identifier stored in the database is the first token, the comparison result is the same, otherwise, the token authentication cannot be passed.
Step S1006: and sending an instruction for allowing the user to access the first application authority interface through the first terminal equipment to the first terminal equipment.
Step S1007: and sending a prompt message to the first terminal equipment to prompt the user of the multi-terminal equipment to log in conflicts.
According to the method for mutual exclusion of multiple terminals in the same application, provided by the embodiment of the invention, different tokens are distributed to the same application when a user logs in the same application through different terminal equipment, and meanwhile, the unique and effective tokens corresponding to the same application group identifiers of the different terminal equipment of the user are ensured to be stored in the database.
Example two
The first embodiment describes how a user accesses a first application through a first terminal device and passes token authentication, and the first embodiment describes how to implement multi-terminal mutual exclusion for the same application when the user accesses the first application through a second terminal device at the same time.
Fig. 2 is a flowchart illustrating a method for mutual exclusion between multiple terminals in a same application according to a second embodiment of the present invention.
Step S2001: and receiving a login request message of a user for logging in the first application through the second terminal equipment, wherein the login request message comprises an identifier, a user identifier and a password of the second terminal equipment corresponding to the first application.
Step S2002: and when the user identification and the password pass the verification, distributing and issuing a second token to the second terminal equipment, wherein the second token comprises the identification and the user identification of the first application corresponding to the second terminal equipment.
Step S2003: and storing the second token in a database, wherein the second token corresponds to the first application group identifier corresponding to the user identifier, the first token is covered by the second token, and the first token is invalid.
In the embodiment of the invention, one and only one token is valid under the same application group identifier corresponding to the same user and stored in the database. Typically, the latest token assigned to the user on the server side is stored in the database valid, and the previous token is overwritten and invalidated. Therefore, the mutual exclusion of the same application accessed by different terminal devices at the same time is ensured.
Step S2004: and receiving an access message of the user accessing a first application authority interface through first terminal equipment, wherein the access message comprises the first token and the user identifier.
Step S2005: comparing whether a first token in the access message is the same as a token of a first application group identifier corresponding to the user identifier stored in the database or not according to the user identifier; when the same, step S2006 is executed; when not the same, step S2007 is executed.
In the embodiment of the invention, according to the user identifier in the first token in the received access message and the identifier of the first terminal device corresponding to the first application, the first application group identifier corresponding to the user identifier is searched in the database, and the token corresponding to the first application group identifier stored in the database is obtained; and when the token corresponding to the first application group identifier stored in the database is the second token, the comparison result is different.
Step S2006: and sending an instruction for allowing the user to access the first application authority interface through the first terminal equipment to the first terminal equipment.
Step S2007: and sending a prompt message to the first terminal equipment to prompt the user of the multi-terminal equipment to log in conflicts.
According to the method for mutual exclusion of multiple terminals in the same application, provided by the embodiment of the invention, different tokens are distributed to the same application when a user logs in the same application through different terminal equipment, and meanwhile, the unique and effective tokens corresponding to the same application group identifiers of the different terminal equipment of the user are ensured to be stored in the database. The user identification and the terminal equipment identification accessing the same application have no strong binding relation, so that the session process of acquiring the terminal equipment identification is reduced, the interaction burden of the server is reduced, and the access efficiency and the safety of the application are improved.
EXAMPLE III
The third embodiment of the invention provides a multi-terminal mutual exclusion method for the same application. Fig. 3 is a flowchart illustrating a method for mutual exclusion between multiple terminals in a same application according to a third embodiment of the present invention.
Step S3001: and receiving an access message of a user accessing the first application authority interface through the first terminal device, wherein the access message comprises a first token and a user identifier.
Step S3002: and comparing whether the first token in the access message is the same as the token of the first application group identifier corresponding to the user identifier stored in the database or not according to the user identifier.
In the embodiment of the invention, one and only one token is valid under the same application group identifier corresponding to the same user and stored in the database. Typically, the latest token assigned to the user on the server side is stored in the database valid, and the previous token is overwritten and invalidated. Therefore, the mutual exclusion of the same application accessed by different terminal devices at the same time is ensured.
Step S3003: and sending an instruction for allowing the user to access the first application authority interface through the first terminal equipment to the first terminal equipment.
Step S3004: and sending a prompt message to the first terminal equipment to prompt the user of the multi-terminal equipment to log in conflicts.
The method for realizing the mutual exclusion of the multiple terminals in the same application solves the problem of realizing the mutual exclusion of the multiple terminals in the same application without depending on the terminal equipment identification. The user identification and the terminal equipment identification accessing the same application have no strong binding relation, so that the session process of acquiring the terminal equipment identification is reduced, the interaction burden of the server is reduced, and the access efficiency and the safety of the application are improved.
Example four
The fourth embodiment of the invention provides a multi-terminal mutual exclusion device applied to a server. Fig. 4 is a schematic diagram illustrating a structure of a multi-terminal mutual exclusion apparatus for the same application according to a fourth embodiment of the present invention. The mutual exclusion device for multiple terminal devices in the same application provided by the embodiment of the invention comprises: a receiving unit 701, a processing unit 702, a database 703 and a transmitting unit 704.
A receiving unit 701, configured to receive an access message that a user accesses a first application permission interface through a first terminal device, where the access message includes a first token and a user identifier. A database 703, configured to store the token of the first application group identifier corresponding to the user identifier. The database in the embodiment of the invention is a redis database. A processing unit 702, configured to compare, according to the user identifier, whether the first token in the access message is the same as a token of a first application group identifier corresponding to the user identifier stored in a database 703; if the two are the same, the sending unit 704 sends an instruction allowing the user to access the first application right interface through the first terminal device to the first terminal device; if not, the sending unit 704 sends a prompt message to the first terminal device to prompt the user that the multiple terminal devices are in a login conflict.
The receiving unit 701 is further configured to receive a login request message that the user logs in the first application through the first terminal device, where the login request message includes an identifier of the first application corresponding to the first terminal device, the user identifier, and a password. The processing unit 702 is further configured to, after the user identifier and the password pass verification, allocate and issue the first token to the first terminal device through the sending unit, where the first token includes an identifier of the first terminal device corresponding to the first application and the user identifier; the database 703 is further configured to store the first token, where the first token corresponds to a first application group identifier corresponding to the user identifier, and identifiers of different terminals of the user corresponding to the first application form a group corresponding to the first application group identifier.
The processing unit 702 is configured to, according to the user identifier in the first token in the received access message and an identifier of the first terminal device corresponding to the first application, search the database 704 for the first application group identifier corresponding to the user identifier, and obtain a token corresponding to the first application group identifier stored in the database 704; and when the token corresponding to the first application group identifier stored in the database is the first token, the comparison results are the same.
The receiving unit 701 is further configured to receive a login request message that the user logs in the first application through a second terminal device, where the login request message includes an identifier of the second terminal device corresponding to the first application, the user identifier, and the password. The processing unit 702 is further configured to, after the user identifier and the password pass verification, allocate and issue a second token to the second terminal device through the sending unit, where the second token includes an identifier of the second terminal device corresponding to the first application and the user identifier. The database 703 is further configured to store the second token, where the second token corresponds to the first application group identifier corresponding to the user identifier, and the first token is covered by the second token, and the first token is invalid.
The processing unit 702 searches the first application group identifier corresponding to the user identifier in the database 703 according to the user identifier in the first token in the received access message and the identifier of the first terminal device corresponding to the first application, and obtains the token corresponding to the first application group identifier stored in the database; when the token corresponding to the first application group identifier stored in the database 703 is the second token, the comparison result is different.
In this embodiment of the present invention, the token of the first application group identifier corresponding to the user identifier stored in the database 703 is only valid.
According to the same-application multi-terminal mutual exclusion device provided by the embodiment of the invention, different tokens are distributed to a user for logging in the same application through different terminal equipment through the processing unit, and meanwhile, the unique and effective tokens corresponding to the same application group identifiers of the different terminal equipment of the user are ensured to be stored in the database. The user identification and the terminal equipment identification accessing the same application have no strong binding relation, so that the session process of acquiring the terminal equipment identification is reduced, the interaction burden of the server is reduced, and the access efficiency and the safety of the application are improved.
In the above embodiments provided by the present invention, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the modules is merely a logical division, and other divisions may be realized in practice, for example, a plurality of modules or components may be combined or integrated into another system, or some features may be omitted, or not executed.
The modules described as separate parts may or may not be physically separate, and parts displayed as modules may or may not be physical modules, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment.
Although the present invention has been described in detail with reference to the foregoing embodiments, it will be apparent to those skilled in the art that modifications may be made to the embodiments described in the foregoing detailed description, or equivalent changes may be made in some of the features of the embodiments. All equivalent structures made by using the contents of the specification and the attached drawings of the invention can be directly or indirectly applied to other related technical fields, and are also within the protection scope of the patent of the invention.
Claims (10)
1. A mutual exclusion method for multiple terminal devices with the same application is characterized by comprising the following steps:
receiving an access message of a user accessing a first application permission interface through first terminal equipment, wherein the access message comprises a first token and a user identifier, and the tokens distributed by the user logging in the same application through different terminal equipment are different;
comparing whether the first token in the access message is the same as a token of a first application group identifier corresponding to the user identifier stored in a database or not according to the user identifier, wherein the database only stores the only and effective token corresponding to the same application group identifier of the user; and
if the first application authority interface is the same as the second application authority interface, sending an instruction allowing the user to access the first application authority interface through the first terminal device to the first terminal device; and if not, sending a prompt message to the first terminal equipment to prompt the user of the multi-terminal equipment login conflict.
2. The method of claim 1, further comprising:
receiving a login request message of the user for logging in the first application through the first terminal device, wherein the login request message comprises an identifier of the first application corresponding to the first terminal device, the user identifier and a password;
when the user identification and the password pass the verification, distributing and issuing the first token to the first terminal equipment, wherein the first token comprises the identification of the first application corresponding to the first terminal equipment and the user identification;
and storing the first token in a database, wherein the first token corresponds to a first application group identifier corresponding to the user identifier, and identifiers of different terminals of the user corresponding to the first application form a group corresponding to the first application group identifier.
3. The method according to claim 2, wherein the comparing, according to the user identifier, whether the first token in the access message is the same as a token of a first application group identifier corresponding to the user identifier stored in a database specifically includes:
according to the user identification in a first token in the received access message and the identification of a first terminal device corresponding to the first application, searching the first application group identification corresponding to the user identification in the database, and acquiring the token corresponding to the first application group identification stored in the database;
and when the token corresponding to the first application group identifier stored in the database is the first token, the comparison results are the same.
4. The method of claim 2, further comprising:
receiving a login request message of the user for logging in the first application through second terminal equipment, wherein the login request message comprises an identifier of the first application corresponding to the second terminal equipment, the user identifier and the password;
when the user identification and the password pass the verification, distributing and issuing a second token to the second terminal equipment, wherein the second token comprises the identification and the user identification of the second terminal equipment corresponding to the first application;
and storing the second token in a database, wherein the second token corresponds to the first application group identifier corresponding to the user identifier, the first token is covered by the second token, and the first token is invalid.
5. The method according to claim 4, wherein the comparing, according to the user identifier, whether the first token in the access message is the same as a token of a first application group identifier corresponding to the user identifier stored in a database specifically includes:
according to the user identification in a first token in the received access message and the identification of a first terminal device corresponding to the first application, searching the first application group identification corresponding to the user identification in the database, and acquiring the token corresponding to the first application group identification stored in the database;
and when the token corresponding to the first application group identifier stored in the database is the second token, the comparison result is different.
6. A mutual exclusion device for multiple terminal equipments in the same application is characterized in that it includes: a receiving unit, a processing unit, a database and a transmitting unit, wherein,
the receiving unit is used for receiving an access message of a user accessing a first application permission interface through first terminal equipment, wherein the access message comprises a first token and a user identifier, and the tokens distributed by the user logging in the same application through different terminal equipment are different;
the database is used for storing tokens corresponding to the first application group identifier of the user identifier, and the database only stores the tokens corresponding to the same application group identifier of the user and only valid;
the processing unit is configured to compare, according to the user identifier, whether the first token in the access message is the same as a token of a first application group identifier corresponding to the user identifier stored in the database; if the first application authority interface is the same as the second application authority interface, the sending unit sends an instruction allowing the user to access the first application authority interface through the first terminal device to the first terminal device; and if not, the sending unit sends a prompt message to the first terminal device to prompt the user that the multiple terminal devices are in login conflict.
7. The apparatus according to claim 6, wherein the receiving unit is further configured to receive a login request message for the user to login to the first application through the first terminal device, where the login request message includes an identifier of the first application corresponding to the first terminal device, the user identifier, and a password;
the processing unit is further configured to allocate and issue the first token to the first terminal device through the sending unit after the user identifier and the password pass verification, where the first token includes an identifier of the first terminal device corresponding to the first application and the user identifier;
the database is further configured to store the first token, where the first token corresponds to a first application group identifier corresponding to the user identifier, and identifiers of different terminals of the user corresponding to the first application form a group corresponding to the first application group identifier.
8. The apparatus according to claim 7, wherein the comparing, by the processing unit, whether the first token in the access message is the same as a token of a first application group identifier corresponding to the user identifier stored in the database according to the user identifier specifically includes:
according to the user identification in a first token in the received access message and the identification of a first terminal device corresponding to the first application, searching the first application group identification corresponding to the user identification in the database, and acquiring the token corresponding to the first application group identification stored in the database;
and when the token corresponding to the first application group identifier stored in the database is the first token, the comparison results are the same.
9. The apparatus according to claim 7, wherein the receiving unit is further configured to receive a login request message for the user to login to the first application through a second terminal device, where the login request message includes an identifier of the second terminal device corresponding to the first application, the user identifier, and the password;
the processing unit is further configured to allocate and issue a second token to the second terminal device through the sending unit after the user identifier and the password pass verification, where the second token includes an identifier of the second terminal device corresponding to the first application and the user identifier;
the database is further configured to store the second token, where the second token corresponds to the first application group identifier corresponding to the user identifier, the first token is covered by the second token, and the first token is invalid.
10. The apparatus according to claim 9, wherein the comparing, by the processing unit, whether the first token in the access message is the same as a token of a first application group identifier corresponding to the user identifier stored in the database according to the user identifier specifically includes:
according to the user identification in a first token in the received access message and the identification of a first terminal device corresponding to the first application, searching the first application group identification corresponding to the user identification in the database, and acquiring the token corresponding to the first application group identification stored in the database;
and when the token corresponding to the first application group identifier stored in the database is the second token, the comparison result is different.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710667889.2A CN107404488B (en) | 2017-08-07 | 2017-08-07 | Method and device for mutual exclusion of multiple terminal devices in same application |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710667889.2A CN107404488B (en) | 2017-08-07 | 2017-08-07 | Method and device for mutual exclusion of multiple terminal devices in same application |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN107404488A CN107404488A (en) | 2017-11-28 |
| CN107404488B true CN107404488B (en) | 2020-11-27 |
Family
ID=60402083
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710667889.2A Active CN107404488B (en) | 2017-08-07 | 2017-08-07 | Method and device for mutual exclusion of multiple terminal devices in same application |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN107404488B (en) |
Families Citing this family (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108418821B (en) * | 2018-03-06 | 2021-06-18 | 北京焦点新干线信息技术有限公司 | Redis and Kafka-based high-concurrency scene processing method and device for online shopping system |
| CN110493785B (en) * | 2019-09-24 | 2022-01-07 | 东信和平科技股份有限公司 | Login method of mobile client, SIM card and system |
| CN111565181A (en) * | 2020-04-28 | 2020-08-21 | 中国联合网络通信集团有限公司 | Single equipment login method, server and client |
| CN112491931B (en) * | 2020-12-17 | 2023-04-07 | 武汉卓尔信息科技有限公司 | JWT (just noticeable WT) -based current limiting method and device for user authentication |
| CN112948783A (en) * | 2021-02-26 | 2021-06-11 | 平安消费金融有限公司 | Client login management method, device, server and storage medium |
| CN114547569A (en) * | 2022-02-11 | 2022-05-27 | 支付宝(杭州)信息技术有限公司 | Account login processing method and device |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105991614A (en) * | 2015-03-03 | 2016-10-05 | 阿里巴巴集团控股有限公司 | Open authorization, resource access method and device, and a server |
Family Cites Families (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7805382B2 (en) * | 2005-04-11 | 2010-09-28 | Mkt10, Inc. | Match-based employment system and method |
| US9557889B2 (en) * | 2009-01-28 | 2017-01-31 | Headwater Partners I Llc | Service plan design, user interfaces, application programming interfaces, and device management |
| US20130104220A1 (en) * | 2011-10-24 | 2013-04-25 | Kwang Wee Lee | System and method for implementing a secure USB application device |
| CN104767719B (en) * | 2014-01-07 | 2018-09-18 | 阿里巴巴集团控股有限公司 | Determine Website login terminal whether be mobile terminal method and server |
| KR20170011469A (en) * | 2015-07-23 | 2017-02-02 | (주)세이퍼존 | Method for Providing On-Line Integrated Login Service with security key |
| KR101628004B1 (en) * | 2016-03-02 | 2016-06-08 | (주)케이스마텍 | User simple authentication method and system using user terminal in trusted execution environment |
-
2017
- 2017-08-07 CN CN201710667889.2A patent/CN107404488B/en active Active
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105991614A (en) * | 2015-03-03 | 2016-10-05 | 阿里巴巴集团控股有限公司 | Open authorization, resource access method and device, and a server |
Also Published As
| Publication number | Publication date |
|---|---|
| CN107404488A (en) | 2017-11-28 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107404488B (en) | Method and device for mutual exclusion of multiple terminal devices in same application | |
| WO2019079928A1 (en) | Access token management method, terminal and server | |
| CN110177088B (en) | Temporary identity authentication method, device and system | |
| CN110011957B (en) | Security authentication method and device for enterprise account, electronic equipment and storage medium | |
| CN106302606B (en) | Across the application access method and device of one kind | |
| US20140053251A1 (en) | User account recovery | |
| CN105897663A (en) | Method for determining access authority, device and equipment | |
| CN104469736B (en) | A kind of data processing method, server and terminal | |
| CN111404859A (en) | Client authentication method and device and computer readable storage medium | |
| CN110661779A (en) | Block chain network-based electronic certificate management method, system, device and medium | |
| CN105847287A (en) | Resource access control method based on community local area network and system based on community local area network | |
| CN109829321B (en) | Method, device, equipment and storage medium for authenticating identity | |
| CN106162607A (en) | The management method of a kind of virtual SIM card, device and system | |
| CN110839215B (en) | Cluster communication method, server, terminal equipment and storage medium | |
| CN111314901B (en) | Association method of application program and IMEI (International Mobile Equipment identity) carrying mobile terminal thereof | |
| CN105245526B (en) | Call the method and apparatus of SIM card application | |
| US11374920B2 (en) | Authentication system and authentication method using personal electronic identity gadgets | |
| CN103049693A (en) | Method, device and system for using application program | |
| CN108076084B (en) | Resource sharing method, device and system | |
| CN205864753U (en) | A kind of encryption guard system of terminal unit | |
| CN114385995B (en) | Method for accessing micro-service to industrial Internet through identification analysis based on Handle and identification service system | |
| CN111563249B (en) | IOT authorization-based terminal verification method and system | |
| CN112491868B (en) | Safe, credible and intelligent device authority management method based on block chain | |
| CN112968895B (en) | Password resetting method and device, storage medium and electronic device | |
| CN112311771B (en) | Method for managing user access equipment, management equipment and network equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| TA01 | Transfer of patent application right | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20200409 Address after: No. 2-3167, zone a, Nonggang City, No. 2388, Donghuan Avenue, Hongjia street, Jiaojiang District, Taizhou City, Zhejiang Province Applicant after: Taizhou Jiji Intellectual Property Operation Co.,Ltd. Address before: 201616 Shanghai city Songjiang District Sixian Road No. 3666 Applicant before: Phicomm (Shanghai) Co.,Ltd. |
|
| TA01 | Transfer of patent application right |
Effective date of registration: 20200714 Address after: 201616 Shanghai city Songjiang District Sixian Road No. 3666 Applicant after: Phicomm (Shanghai) Co.,Ltd. Address before: No. 2-3167, zone a, Nonggang City, No. 2388, Donghuan Avenue, Hongjia street, Jiaojiang District, Taizhou City, Zhejiang Province Applicant before: Taizhou Jiji Intellectual Property Operation Co.,Ltd. |
|
| TA01 | Transfer of patent application right | ||
| TA01 | Transfer of patent application right | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20201110 Address after: 318015 no.2-3167, zone a, Nonggang City, no.2388, Donghuan Avenue, Hongjia street, Jiaojiang District, Taizhou City, Zhejiang Province Applicant after: Taizhou Jiji Intellectual Property Operation Co.,Ltd. Address before: 201616 Shanghai city Songjiang District Sixian Road No. 3666 Applicant before: Phicomm (Shanghai) Co.,Ltd. |
|
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20230109 Address after: 313000 room 1019, Xintiandi commercial office, Yishan street, Wuxing District, Huzhou, Zhejiang, China Patentee after: Huzhou YingLie Intellectual Property Operation Co.,Ltd. Address before: 318015 no.2-3167, area a, nonggangcheng, 2388 Donghuan Avenue, Hongjia street, Jiaojiang District, Taizhou City, Zhejiang Province Patentee before: Taizhou Jiji Intellectual Property Operation Co.,Ltd. |