CN111199037A - Login method, system and device - Google Patents

Login method, system and device Download PDF

Info

Publication number
CN111199037A
CN111199037A CN202010022647.XA CN202010022647A CN111199037A CN 111199037 A CN111199037 A CN 111199037A CN 202010022647 A CN202010022647 A CN 202010022647A CN 111199037 A CN111199037 A CN 111199037A
Authority
CN
China
Prior art keywords
information
login
user
authentication
host
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010022647.XA
Other languages
Chinese (zh)
Other versions
CN111199037B (en
Inventor
刘少耿
刘青
华杰
李雨彤
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Baidu Netcom Science and Technology Co Ltd
Original Assignee
Beijing Baidu Netcom Science and Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Baidu Netcom Science and Technology Co Ltd filed Critical Beijing Baidu Netcom Science and Technology Co Ltd
Priority to CN202010022647.XA priority Critical patent/CN111199037B/en
Publication of CN111199037A publication Critical patent/CN111199037A/en
Application granted granted Critical
Publication of CN111199037B publication Critical patent/CN111199037B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/33User authentication using certificates
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures

Abstract

The embodiment of the disclosure discloses a login method, a login system and a login device. One embodiment of the method comprises: in response to receiving a login request data packet sent by a client through a target host application, extracting authentication information and a host ID of a user, wherein the host ID is used for representing the identity of a host of the applet running environment; verifying the host ID; generating encryption information characterizing the authentication information and the host ID in response to the verification passing; and sending the encrypted information to the client. According to the implementation mode, the host identity can be verified in the user login process, the user can uniformly login on different host platforms, and the problem that the user cannot uniformly login across the host platforms in a hundred-degree intelligent small program is solved.

Description

Login method, system and device
Technical Field
The embodiment of the disclosure relates to the technical field of computers, in particular to a login method, a login system and a login device.
Background
An applet is an application that can be used without downloading and installing, and can run in different application environments (i.e., hosts), such as a web browser application (App), an instant messaging App, and the like. When the same applet Software Development Kit (SDK) is integrated into different hosts, how to realize fast and uniform login of users among different hosts becomes a problem that needs to be solved.
In the prior art, for example, when a small program login is realized by using a webpage App, because the webpage login information of a user is completely isolated from the small program login information, the same user needs to perform login operations twice in one webpage; when the small program logs in the instant messaging App, the small program logs in the instant messaging App depending on the logging of the instant messaging App, and hosts are not distinguished. The conventional applet login scheme cannot meet the requirement of cross-host unified login.
Disclosure of Invention
The embodiment of the disclosure provides a login method, a login system and a login device.
In a first aspect, an embodiment of the present disclosure provides a login method, including: in response to receiving a login request data packet sent by a client through a target host application, extracting authentication information and a host ID of a user, wherein the host ID is used for representing the identity of a host of the applet running environment; verifying the host ID; generating encryption information characterizing the authentication information and the host ID in response to the verification passing; and sending the encrypted information to the client.
In some embodiments, generating, in response to verification passing, cryptographic information characterizing the authentication information and the host ID includes: and in response to the verification passing, encrypting the authentication information and the host ID through a preset first encryption algorithm, and generating a first token for representing the authentication information and the host ID, wherein the first token comprises information for indicating the generation time of the first token.
In some embodiments, the authentication information is generated by the authentication server by: in response to receiving a user authentication data packet sent by a client, analyzing the user authentication data packet, and extracting user login information of a user login applet; authenticating the user login information; and responding to the successful authentication, encrypting the user login information and generating authentication information for representing the user login information.
In some embodiments, in response to successful authentication, encrypting the user login information to generate authentication information for characterizing the user login information, comprises: and if the authentication is successful, encrypting the user login information through a preset second encryption algorithm to generate a second token for representing the user login information, wherein the second token comprises information for indicating the generation time of the second token.
In a second aspect, an embodiment of the present disclosure provides a login system, including: and the applet server is used for executing the login method.
In some embodiments, the login system further comprises an authentication server; the authentication server is used for receiving the user authentication data packet sent by the client and extracting the user login information of the user login applet; authenticating the user login information; and responding to the successful authentication, generating authentication information for representing the user login information, and sending the authentication information to the client.
In some embodiments, the authentication server is further configured to verify timeliness and abnormal situations of user login, where the abnormal situations include at least one of: the number of hosts for user login exceeds a set threshold value, and the user login password is tampered.
In some embodiments, the login system further comprises a client; the client is used for receiving a user login request and generating a user authentication data packet; sending the user authentication data packet to an authentication server; generating a login request data packet in response to receiving authentication information returned by the authentication server; sending the login request data packet to an applet server; and responding to the received encryption information returned by the applet service terminal, and storing the encryption information in local.
In a third aspect, an embodiment of the present disclosure provides a login apparatus, including: the extraction unit is configured to extract the authentication information and the host ID of the user in response to receiving a login request data packet sent by the client through the target host application, wherein the host ID is used for representing the identity of a host of the applet running environment; an authentication unit configured to authenticate the host ID; an encryption unit configured to generate encryption information representing the authentication information and the host ID in response to the verification passing; a transmitting unit configured to transmit the encryption information to the client.
In some embodiments, the encryption unit is further configured to encrypt the authentication information and the host ID by a preset first encryption algorithm in response to the verification passing, and generate a first token for characterizing the authentication information and the host ID, wherein the first token includes information indicating a generation time of the first token.
In some embodiments, the apparatus further comprises: the user extraction unit is configured to respond to the received user authentication data packet sent by the client, analyze the user authentication data packet and extract user login information of the user login applet; a user authentication unit configured to authenticate user login information; and the user encryption unit is configured to encrypt the user login information if the authentication is successful, and generate authentication information for representing the user login information.
In some embodiments, the user encryption unit is further configured to encrypt the user login information through a preset second encryption algorithm if the authentication is successful, and generate a second token for characterizing the user login information, wherein the second token includes information indicating a generation time of the second token.
In a fourth aspect, an embodiment of the present disclosure provides an electronic device, including: one or more processors; a storage device having one or more programs stored thereon, which when executed by one or more processors, cause the one or more processors to implement the method as described in any of the implementations of the first aspect.
In a fifth aspect, embodiments of the present disclosure provide a computer-readable medium on which a computer program is stored, wherein the computer program, when executed by a processor, implements the method as described in any implementation manner of the first aspect.
According to the login method and the login device, the authentication information and the host ID of the user are extracted by receiving a login request data packet sent by the client through the target host application, the host ID is verified, the encrypted information representing the authentication information and the host ID is generated after the verification is passed, the encrypted information is sent to the client, the host identity is verified in the user login process, the user can login on different host platforms in a unified mode, and the problem that the user cannot login across the host platforms in a hundred-degree smart applet is solved.
Drawings
Other features, objects and advantages of the disclosure will become more apparent upon reading of the following detailed description of non-limiting embodiments thereof, made with reference to the accompanying drawings in which:
FIG. 1 is an exemplary system architecture diagram in which some embodiments of the present disclosure may be applied;
FIG. 2 is a flow diagram for one embodiment of a login method according to the present disclosure;
FIG. 3 is a schematic diagram of one application scenario of a login method according to an embodiment of the present disclosure;
FIG. 4 is a flow diagram of yet another embodiment of a login method according to the present disclosure;
FIG. 5 is a schematic diagram of a login system configuration according to the present disclosure;
FIG. 6 is a schematic block diagram of one embodiment of a login device according to the present disclosure;
FIG. 7 is a schematic structural diagram of an electronic device suitable for use in implementing embodiments of the present disclosure.
Detailed Description
The present disclosure is described in further detail below with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the relevant invention and not restrictive of the invention. It should be noted that, for convenience of description, only the portions related to the related invention are shown in the drawings.
It should be noted that, in the present disclosure, the embodiments and features of the embodiments may be combined with each other without conflict. The present disclosure will be described in detail below with reference to the accompanying drawings in conjunction with embodiments.
Fig. 1 illustrates an exemplary system architecture 100 to which a login method or login apparatus of an embodiment of the present disclosure may be applied.
As shown in fig. 1, the system architecture 100 may include terminal devices 101, 102, 103, a network 104, and an applet server 105. The network 104 serves as a medium for providing communication links between the terminal devices 101, 102, 103 and the applet server 105. Network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, to name a few. The applet server may be a server that provides various services indicated by a certain applet to a user.
A user may use the terminal devices 101, 102, 103 to interact with the applet server 105 over the network 104 to receive or send messages or the like. The terminal devices 101, 102, 103 may have installed thereon various host applications of the applet, such as a shopping application, a pick-up application, a web browser application, a search application, an instant messaging tool, a mailbox client, social platform software, and the like.
The terminal apparatuses 101, 102, and 103 may be hardware or software. When the terminal devices 101, 102, 103 are hardware, they may be various electronic devices having a display screen and sending a login request, including but not limited to smart phones, tablet computers, e-book readers, laptop portable computers, desktop computers, and the like. When the terminal apparatuses 101, 102, 103 are software, they can be installed in the electronic apparatuses listed above. It may be implemented, for example, as multiple software or software modules to provide distributed services, or as a single software or software module. And is not particularly limited herein.
The applet server 105 may be a server that provides various services, such as a server that provides support for login requests of the terminal apparatuses 101, 102, 103. The applet server may perform processing such as encryption on data such as the received service request, and feed back a processing result (e.g., encryption information) to the terminal device.
It should be noted that the login method provided by the embodiment of the present disclosure is generally executed by the applet server 105, and the corresponding login device is generally disposed in the applet server 105.
The applet server may be hardware or software. When the applet server is hardware, it can be implemented as a distributed server cluster composed of multiple servers, or as a single server. When the applet server is software, it may be implemented as multiple pieces of software or software modules, for example, to provide distributed services, or as a single piece of software or software module. And is not particularly limited herein.
It should be understood that the number of terminal devices, networks and applet servers in figure 1 is illustrative only. There may be any number of terminal devices, networks, and applet servers, as desired for an implementation.
With continued reference to fig. 2, a flow 200 of one embodiment of a login method in accordance with the present disclosure is shown. The login method comprises the following steps:
step 201, in response to receiving a login request data packet sent by a client through a target host application, extracting authentication information and a host ID of a user.
In this embodiment, when receiving a login request packet sent by a client through a target host application by using an applet Development Kit (SDK), an execution subject (e.g., an applet server shown in fig. 1) for a login method parses the login request packet, and extracts authentication information and a host ID of a user, where the host ID is used to characterize an identity of a host of an applet running environment, the authentication information of the user may be information generated after the user is authenticated by the identity, and the target host application is an application program of an applet host platform, for example: baidu App, WIFI master key, WeChat App and microblog App. It should be noted that the wireless connection means may include, but is not limited to, a 3G/4G/5G connection, a WiFi connection, a bluetooth connection, a WiMAX connection, a Zigbee connection, a uwb (ultra wideband) connection, and other wireless connection means now known or developed in the future.
Step 202, verify the host ID.
In this embodiment, the execution main body verifies the extracted host ID by a preset verification method, and determines whether the host ID meets the verification requirement, and if it is determined that the host ID meets the verification requirement, the execution main body passes the verification. For example, consistency comparison is performed on the extracted host ID, and if the host ID is consistent with the host identity information stored in the library in advance, it is determined that the host ID meets the verification requirement.
In response to the verification passing, encryption information characterizing the authentication information and the host ID is generated, step 203.
In this embodiment, after the verification of the host ID is passed, the execution agent may encrypt the authentication information and the host ID by using an encryption algorithm, and generate encryption information representing the authentication information and the host ID.
And step 204, sending the encrypted information to the client.
In this embodiment, the executing entity returns the generated encrypted information to the client that sent the login request, so that the client stores the encrypted information locally, and the encrypted information is taken to prove the legal identity of the user each time the user requests login.
It should be noted that the above-mentioned authentication and encryption method is a well-known technology widely studied and applied at present, and is not described herein again.
With continued reference to fig. 3, fig. 3 is a schematic diagram 300 of an application scenario of the login method according to the present embodiment. The user enters login information via the applet client 301, such as: the small program client 301 sends a login request data packet 303 to the small program server 302 through the target host application according to login information input by a user, verifies the extracted host ID after the small program server 302 receives the login request data packet 303, encrypts authentication information and the host ID and returns the encrypted encryption information to the small program client to inform the user of a login result when the verification is passed.
According to the login method provided by the embodiment of the disclosure, the login request data packet sent by the client through the target host application is received, the authentication information and the host ID of the user are extracted, the host ID is verified, the encrypted information representing the authentication information and the host ID is generated after the verification is passed, the encrypted information is sent to the client, the verification of the host dimension is increased in the user login process, the user can login only by uniformly using the account with the user dimension when logging in different host applications, the user does not need to log in the host account again, the login times are reduced, the same user can login on different host platforms uniformly, and the user experience is improved.
With further reference to fig. 4, a flow of yet another embodiment of a login method is shown. The process 400 of the login method includes the following steps:
step 401, in response to receiving a login request data packet sent by a client through a target host application, extracting authentication information and a host ID of a user.
At step 402, the host ID is verified.
And step 403, in response to the verification, encrypting the authentication information and the host ID through a preset first encryption algorithm to generate a first token for representing the authentication information and the host ID.
In this embodiment, after the execution subject knows that the verification passes, the execution subject encrypts the authentication information and the host ID by a preset first encryption algorithm to generate a token (token) for representing the authentication information and the host ID. Wherein the token includes information indicating a generation time of the token, i.e., a current timestamp.
In some optional implementations of this embodiment, the authentication information is generated as follows: in response to receiving a user authentication data packet sent by a client, analyzing the user authentication data packet, and extracting user login information of a user login applet; authenticating the user login information; and responding to the successful authentication, encrypting the user login information and generating authentication information for representing the user login information. By authenticating the user login information, the user can successively complete user authentication and host platform verification in one login without the need of twice login, thereby simplifying the user login operation and realizing the capability of uniformly and quickly accessing the applet.
In some optional implementation manners of this embodiment, in response to successful authentication, encrypting the user login information to generate authentication information for representing the user login information, where the method includes: and if the authentication is successful, encrypting the user login information through a preset second encryption algorithm to generate a second token (token) for representing the user login information, wherein the token comprises information for indicating the generation time of the second token. By carrying out two encryption processes of user authentication encryption and host verification encryption on the login information, the encryption information cannot be easily leaked or tampered, and the login is safer.
Step 404, sending the encrypted information to the client.
In this embodiment, the specific operations of steps 401, 402, and 404 are substantially the same as the operations of steps 201, 202, and 204 in the embodiment shown in fig. 2, and are not described again here.
As can be seen from fig. 4, compared with the embodiment corresponding to fig. 2, the process 400 of the login method in this embodiment encrypts the authentication information and the host ID through a preset first encryption algorithm to generate a token for representing the authentication information and the host ID, and based on the advantage of the token authentication process, token authentication does not need to be bound to a specific identity verification scheme, and can be generated anywhere, so that the cross-host login range is wider, and the user login is more convenient and faster.
With further reference to fig. 5, the present disclosure provides a login system, as shown in fig. 5, the system includes a client 501, an authentication server 502, and an applet server 503, wherein the applet server 503 is configured to perform the login method. The authentication server 502 is configured to receive a user authentication data packet sent by the client 501, and extract user login information of a user login applet; authenticating the user login information; in response to the authentication success, authentication information for characterizing the user login information is generated and sent to the client 501. A client 501, configured to receive a user login request and generate a user authentication data packet; sending the user authentication data packet to the authentication server 502; generating a login request data packet in response to receiving authentication information returned by the authentication server 502; sending the login request data packet to the applet server 503; in response to receiving the encryption information returned by the applet server 503, the encryption information is stored locally. As an example, when the client receives a login request of a user, a user authentication data packet is generated and sent to the authentication server, the authentication server extracts user login information (including a user login account and a user login password) of a user login applet from the authentication service data packet for authentication, after the authentication is successful, authentication information representing the user login information is generated and sent to the client, after the client receives the authentication information of the user, the client generates a login request data packet together with the host identity information and sends the login request data packet to the applet server, the applet server extracts the authentication information and the host ID of the user according to the received login request data packet, and verifying the host ID, encrypting the authentication information and the host ID after the verification is passed, generating encryption information representing the authentication information and the host ID, sending the encryption information to the client, and storing the encryption information in the local by the client.
In some optional implementation manners of this embodiment, the authentication server is further configured to verify timeliness and an abnormal condition of the user login, where the abnormal condition includes at least one of: the number of hosts for user login exceeds a set threshold value, and the user login password is tampered.
With further reference to fig. 6, as an implementation of the methods shown in the above-mentioned figures, the present disclosure provides an embodiment of a login apparatus, which corresponds to the embodiment of the method shown in fig. 2, and which is particularly applicable to various electronic devices.
As shown in fig. 6, the login apparatus 600 of the present embodiment includes: an extraction unit 601, an authentication unit 602, an encryption unit 603, and a transmission unit 604. The extracting unit 601 is configured to extract authentication information and a host ID of a user in response to receiving a login request packet sent by a client through a target host application; an authentication unit 602 configured to authenticate the host ID; an encryption unit 603 configured to generate encryption information representing the authentication information and the host ID in response to the verification passing; a sending unit 604 configured to send the encryption information to the client.
In this embodiment, specific processes of the extracting unit 601, the verifying unit 602, the encrypting unit 603, and the sending unit 604 of the login apparatus 600 and technical effects thereof can refer to the related descriptions of step 201 to step 204 in the embodiment corresponding to fig. 2, and are not described herein again.
In some optional implementations of this embodiment, the encryption unit is further configured to encrypt the authentication information and the host ID by a preset first encryption algorithm in response to the verification passing, and generate a first token for characterizing the authentication information and the host ID, where the first token includes information indicating a generation time of the first token.
In some optional implementations of this embodiment, the apparatus further includes: the user extraction unit is configured to respond to the received user authentication data packet sent by the client, analyze the user authentication data packet and extract user login information of the user login applet; a user authentication unit configured to authenticate user login information; and the user encryption unit is configured to encrypt the user login information if the authentication is successful, and generate authentication information for representing the user login information.
In some optional implementations of this embodiment, the user encryption unit is further configured to encrypt the user login information through a preset second encryption algorithm if the authentication is successful, and generate a second token for characterizing the user login information, where the second token includes information indicating a generation time of the second token.
Referring now to FIG. 7, a schematic diagram of an electronic device (e.g., the applet server of FIG. 1) 700 suitable for use in implementing embodiments of the present disclosure is shown. The terminal device in the embodiments of the present disclosure may include, but is not limited to, a mobile terminal such as a mobile phone, a notebook computer, a digital broadcast receiver, a PDA (personal digital assistant), a PAD (tablet computer), a PMP (portable multimedia player), a vehicle terminal (e.g., a car navigation terminal), and the like, and a fixed terminal such as a digital TV, a desktop computer, and the like. The applet server shown in fig. 7 is only one example and should not bring any limitations to the functionality and scope of use of the embodiments of the present disclosure.
As shown in fig. 7, electronic device 700 may include a processing means (e.g., central processing unit, graphics processor, etc.) 701 that may perform various appropriate actions and processes in accordance with a program stored in a Read Only Memory (ROM)702 or a program loaded from storage 708 into a Random Access Memory (RAM) 703. In the RAM703, various programs and data necessary for the operation of the electronic apparatus 700 are also stored. The processing device 701, the ROM 702, and the RAM703 are connected to each other by a bus 704. An input/output (I/O) interface 705 is also connected to bus 704.
Generally, the following devices may be connected to the I/O interface 705: input devices 706 including, for example, a touch screen, touch pad, keyboard, mouse, camera, microphone, accelerometer, gyroscope, etc.; an output device 707 including, for example, a Liquid Crystal Display (LCD), a speaker, a vibrator, and the like; storage 708 including, for example, magnetic tape, hard disk, etc.; and a communication device 709. The communication means 709 may allow the electronic device 700 to communicate wirelessly or by wire with other devices to exchange data. While fig. 7 illustrates an electronic device 700 having various means, it is to be understood that not all illustrated means are required to be implemented or provided. More or fewer devices may alternatively be implemented or provided. Each block shown in fig. 7 may represent one device or may represent multiple devices as desired.
In particular, according to an embodiment of the present disclosure, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In such embodiments, the computer program may be downloaded and installed from a network via the communication means 709, or may be installed from the storage means 708, or may be installed from the ROM 702. The computer program, when executed by the processing device 701, performs the above-described functions defined in the methods of embodiments of the present disclosure.
It should be noted that the computer readable medium described in the embodiments of the present disclosure may be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In embodiments of the disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In embodiments of the present disclosure, however, a computer readable signal medium may comprise a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: electrical wires, optical cables, RF (radio frequency), etc., or any suitable combination of the foregoing.
The computer readable medium may be embodied in the electronic device; or may exist separately without being assembled into the electronic device. The computer readable medium carries one or more programs which, when executed by the electronic device, cause the electronic device to: in response to receiving a login request data packet sent by a client through a target host application, extracting authentication information and a host ID of a user, wherein the host ID is used for representing the identity of a host of the applet running environment; verifying the host ID; generating encryption information characterizing the authentication information and the host ID in response to the verification passing; and sending the encrypted information to the client.
Computer program code for carrying out operations for embodiments of the present disclosure may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C + +, and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units described in the embodiments of the present disclosure may be implemented by software or hardware. The described units may also be provided in a processor, and may be described as: a processor includes an extraction unit, a verification unit, an encryption unit, and a transmission unit. The names of these units do not in some cases constitute a limitation on the units themselves, for example, the extraction unit may also be described as "extracting authentication information and a host ID of a user in response to receiving a login request packet sent by a client through a target host application".
The foregoing description is only exemplary of the preferred embodiments of the disclosure and is illustrative of the principles of the technology employed. It will be appreciated by those skilled in the art that the scope of the invention in the embodiments of the present disclosure is not limited to the specific combination of the above-mentioned features, but also encompasses other embodiments in which any combination of the above-mentioned features or their equivalents is made without departing from the inventive concept as defined above. For example, the above features and (but not limited to) technical features with similar functions disclosed in the embodiments of the present disclosure are mutually replaced to form the technical solution.

Claims (14)

1. A login method, comprising:
in response to receiving a login request data packet sent by a client through a target host application, extracting authentication information and a host ID of a user, wherein the host ID is used for representing the identity of a host of the applet running environment;
verifying the host ID;
generating encryption information characterizing the authentication information and the host ID in response to verification passing;
and sending the encryption information to the client.
2. The login method of claim 1, said generating, in response to verification passing, encryption information characterizing said authentication information and said host ID, comprising:
and in response to the verification passing, encrypting the authentication information and the host ID through a preset first encryption algorithm, and generating a first token for representing the authentication information and the host ID, wherein the first token comprises information for indicating the generation time of the first token.
3. The login method of claim 1, wherein the authentication information is generated by an authentication server by:
in response to receiving a user authentication data packet sent by a client, analyzing the user authentication data packet, and extracting user login information of a user for logging in the applet;
authenticating the user login information;
and responding to successful authentication, encrypting the user login information and generating the authentication information for representing the user login information.
4. The login method of claim 3, said encrypting said user login information in response to successful authentication, generating said authentication information characterizing said user login information, comprising:
and if the authentication is successful, encrypting the user login information through a preset second encryption algorithm to generate a second token for representing the user login information, wherein the second token comprises information for indicating the generation time of the second token.
5. A login system, comprising: the applet server, wherein,
the applet server for performing the login method according to any one of claims 1-4.
6. The login system of claim 5, wherein the login system further comprises an authentication server;
the authentication server is used for receiving a user authentication data packet sent by the client and extracting user login information of a user for logging in the applet; authenticating the user login information; and responding to the successful authentication, generating the authentication information for representing the user login information, and sending the authentication information to a client.
7. The login system of claim 6, the authentication server further configured to verify timeliness and abnormal situations of user login, wherein the abnormal situations include at least one of: the number of hosts for user login exceeds a set threshold value, and the user login password is tampered.
8. A login system according to claim 5, wherein said login system further comprises a client;
the client is used for receiving a user login request and generating the user authentication data packet; sending the user authentication data packet to the authentication server; generating the login request data packet in response to receiving the authentication information returned by the authentication server; sending the login request data packet to the applet server; and responding to the received encryption information returned by the applet server, and storing the encryption information locally.
9. A login apparatus, comprising:
the extraction unit is configured to extract authentication information and a host ID of a user in response to receiving a login request data packet sent by a client through a target host application, wherein the host ID is used for representing the identity of a host of the applet running environment;
an authentication unit configured to authenticate the host ID;
an encryption unit configured to generate encryption information characterizing the authentication information and the host ID in response to verification passing;
a sending unit configured to send the encryption information to the client.
10. The login apparatus according to claim 9, the encryption unit being further configured to encrypt the authentication information and the host ID by a preset first encryption algorithm in response to the verification passing, and generate a first token for characterizing the authentication information and the host ID, wherein the first token includes information indicating a generation time of the first token.
11. The login apparatus of claim 9, further comprising:
the user extraction unit is configured to respond to the received user authentication data packet sent by the client, analyze the user authentication data packet and extract user login information of a user for logging in the small program;
a user authentication unit configured to authenticate the user login information;
and the user encryption unit is configured to encrypt the user login information if the authentication is successful, and generate the authentication information for representing the user login information.
12. The login apparatus according to claim 11, wherein the user encryption unit is further configured to encrypt the user login information by a preset second encryption algorithm if the authentication is successful, and generate a second token for characterizing the user login information, wherein the second token includes information indicating a generation time of the second token.
13. An electronic device, comprising:
one or more processors;
a storage device having one or more programs stored thereon;
when executed by the one or more processors, cause the one or more processors to implement the method of any one of claims 1-4.
14. A computer-readable medium, on which a computer program is stored, wherein the program, when executed by a processor, implements the method of any one of claims 1-4.
CN202010022647.XA 2020-01-09 2020-01-09 Login method, system and device Active CN111199037B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010022647.XA CN111199037B (en) 2020-01-09 2020-01-09 Login method, system and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010022647.XA CN111199037B (en) 2020-01-09 2020-01-09 Login method, system and device

Publications (2)

Publication Number Publication Date
CN111199037A true CN111199037A (en) 2020-05-26
CN111199037B CN111199037B (en) 2022-08-02

Family

ID=70746929

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010022647.XA Active CN111199037B (en) 2020-01-09 2020-01-09 Login method, system and device

Country Status (1)

Country Link
CN (1) CN111199037B (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112069436A (en) * 2020-08-11 2020-12-11 长沙市到家悠享网络科技有限公司 Page display method, system and equipment
CN112528268A (en) * 2020-12-04 2021-03-19 平安科技(深圳)有限公司 Cross-channel applet login management method and device and related equipment
CN112953965A (en) * 2021-03-18 2021-06-11 杭州网易云音乐科技有限公司 Client login method and system, client, medium and computing device
CN113468499A (en) * 2021-07-06 2021-10-01 北京景安云信科技有限公司 Method for replacing authentication information in Mongo protocol authentication mode process by using agent
CN114363088A (en) * 2022-02-18 2022-04-15 京东科技信息技术有限公司 Method and device for requesting data

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109768961A (en) * 2018-12-12 2019-05-17 平安科技(深圳)有限公司 Wechat small routine login method, device and the storage medium led to based on an account
CN110210203A (en) * 2019-06-04 2019-09-06 武汉神算云信息科技有限责任公司 The method for security protection of wechat small routine and API, device, equipment and storage medium

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109768961A (en) * 2018-12-12 2019-05-17 平安科技(深圳)有限公司 Wechat small routine login method, device and the storage medium led to based on an account
CN110210203A (en) * 2019-06-04 2019-09-06 武汉神算云信息科技有限责任公司 The method for security protection of wechat small routine and API, device, equipment and storage medium

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
佚名: "微信小程序之微信登陆——微信小程序教程系列(20)", 《CSDN博客》 *

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112069436A (en) * 2020-08-11 2020-12-11 长沙市到家悠享网络科技有限公司 Page display method, system and equipment
CN112528268A (en) * 2020-12-04 2021-03-19 平安科技(深圳)有限公司 Cross-channel applet login management method and device and related equipment
CN112528268B (en) * 2020-12-04 2023-09-19 平安科技(深圳)有限公司 Cross-channel applet login management method and device and related equipment
CN112953965A (en) * 2021-03-18 2021-06-11 杭州网易云音乐科技有限公司 Client login method and system, client, medium and computing device
CN112953965B (en) * 2021-03-18 2022-11-01 杭州网易云音乐科技有限公司 Client login method and system, client, medium and computing device
CN113468499A (en) * 2021-07-06 2021-10-01 北京景安云信科技有限公司 Method for replacing authentication information in Mongo protocol authentication mode process by using agent
CN114363088A (en) * 2022-02-18 2022-04-15 京东科技信息技术有限公司 Method and device for requesting data
CN114363088B (en) * 2022-02-18 2024-04-16 京东科技信息技术有限公司 Method and device for requesting data

Also Published As

Publication number Publication date
CN111199037B (en) 2022-08-02

Similar Documents

Publication Publication Date Title
CN111199037B (en) Login method, system and device
CN111258602B (en) Information updating method and device
CN108923925B (en) Data storage method and device applied to block chain
CN112866385B (en) Interface calling method and device, electronic equipment and storage medium
CN110555300A (en) application program authorization method, client, server, terminal device and medium
CN110705985B (en) Method and apparatus for storing information
CN108564363B (en) Transaction processing method, server, client and system
CN114584381A (en) Security authentication method and device based on gateway, electronic equipment and storage medium
CN110765490A (en) Method and apparatus for processing information
CN112329044A (en) Information acquisition method and device, electronic equipment and computer readable medium
CN113259353A (en) Information processing method and device and electronic equipment
CN112767142B (en) Processing method, device, computing equipment and medium for transaction file
CN113079085B (en) Business service interaction method, business service interaction device, business service interaction equipment and storage medium
CN114780124A (en) Differential upgrading method, device, medium and electronic equipment
US9973486B2 (en) Systems and methods for authorizing a session between a browser and a terminal server
CN114186994A (en) Method, terminal and system for using digital currency wallet application
CN110166226B (en) Method and device for generating secret key
CN111355584B (en) Method and apparatus for generating blockchain multi-signatures
CN111752625A (en) Method and device for interface mock
CN110659476A (en) Method and apparatus for resetting password
CN111786936A (en) Method and device for authentication
CN112468470B (en) Data transmission method and device and electronic equipment
CN113381982B (en) Registration method, registration device, electronic equipment and storage medium
CN112437052B (en) Method, apparatus, electronic device, and computer-readable medium for processing information
CN111355750B (en) Method and device for recognizing brute force password cracking behavior

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant