CN112948803A - Login method, system, device and storage medium of application program - Google Patents

Publication number: CN112948803A
Authority: CN (China)
Prior art keywords: application program, authorized, identifier, service type, user equipment
Legal status: Granted (Active)
Application number: CN202110221282.8A
Other languages: Chinese (zh)
Other versions: CN112948803B (en)
Inventor: 叶力
Current Assignee: Ping An Technology Shenzhen Co Ltd
Original Assignee: Ping An Technology Shenzhen Co Ltd
Application filed by: Ping An Technology Shenzhen Co Ltd
Priority to: CN202110221282.8A
Publication of CN112948803A
Application granted
Publication of CN112948803B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/41 User authentication where a single sign-on provides access to a plurality of computers
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Information Transfer Between Computers (AREA)
  • Stored Programmes (AREA)

Abstract

The application relates to cloud security and discloses a login method, system, device and storage medium for an application program. The method comprises: receiving an identifier of a user equipment and an identifier of at least one first application program, both sent by the user equipment; determining, according to the identifier of the user equipment, whether at least one piece of first login information corresponding to the identifier of the at least one first application program exists in a login information base; if so, generating an authorized application program list according to the priority level of the authorized application program among the at least one first application program, wherein the priority level of the authorized application program is determined according to the service type of the authorized application program; sending the authorized application program list to the user equipment; and, if an authorization request sent by the user equipment is detected, sending an authorization response to the user equipment according to the third login information corresponding to a third application program and the identifier of a second application program. Implementing the embodiments of the application enriches the application scenarios of joint login.

Description

Login method, system, device and storage medium of application program
Technical Field
The present application relates to the field of computer technologies, and in particular, to a login method, system, device, and storage medium for an application.
Background
With the rapid development of information technology, a wide variety of application programs has emerged. Generally, after downloading an application program, a user has to register before logging in to it. To improve the user experience, joint login was proposed as a way to shorten the registration process. Joint login, also called authorized login, is a login service in which the user is verified with a third-party account. By establishing a one-to-one relationship between the account of the application program and the third-party account, the user does not need to register online and does not have to enter a login account and password again, which greatly simplifies user operation.
However, in the conventional joint login method, a high-traffic application program usually takes the leading role and acts as the authorizing party through which other application programs are jointly logged in. In other words, there is only a single joint login mode, and it cannot be adapted to more application scenarios.
Disclosure of Invention
The embodiments of the application provide a login method, system, device and storage medium for an application program, which enrich the application scenarios of joint login.
A first aspect of the present application provides a login method for an application program, including:
receiving an identifier of user equipment and an identifier of at least one first application program, which are sent by the user equipment, wherein the identifier of the user equipment and the identifier of the at least one first application program are obtained when the user equipment detects that second login information corresponding to a second application program does not exist on the user equipment;
determining, according to the identifier of the user equipment, whether at least one piece of first login information corresponding to the identifier of the at least one first application program exists in a login information base;
if yes, generating an authorized application program list according to the priority level of an authorized application program in the at least one first application program, wherein the priority level of the authorized application program is determined according to the service type of the authorized application program;
sending the list of authorized applications to the user device;
if an authorization request sent by the user equipment is detected, sending an authorization response to the user equipment according to third login information corresponding to a third application program and the identifier of the second application program, wherein the third application program is one application program in the authorized application program list, the third login information corresponding to the third application program and the identifier of the second application program are carried in the authorization request, and the authorization response carries information that the second application program is successfully logged in.
A second aspect of the present application provides a login system for an application program, including:
a receiving module, configured to receive an identifier of a user equipment and an identifier of at least one first application program, where the identifier of the user equipment and the identifier of the at least one first application program are obtained by the user equipment when detecting that second login information corresponding to a second application program does not exist on the user equipment;
a determining module, configured to determine, according to the identifier of the user equipment, whether at least one piece of first login information in one-to-one correspondence with the identifier of the at least one first application program exists in a login information base;
if yes, generating an authorized application program list according to the priority level of an authorized application program in the at least one first application program, wherein the priority level of the authorized application program is determined according to the service type of the authorized application program;
a sending module, configured to send the authorized application list to the user equipment;
the sending module is further configured to send an authorization response to the user equipment according to third login information corresponding to a third application program and the identifier of the second application program if the authorization request sent by the user equipment is detected, where the third application program is one application program in the authorized application program list, the third login information corresponding to the third application program and the identifier of the second application program are carried in the authorization request, and the authorization response carries information that the second application program is successfully logged in.
A third aspect of the application provides a computer device comprising a processor, a memory, a communications interface and one or more programs, wherein the one or more programs are stored in the memory and are configured as instructions executed by the processor to perform the steps of any of the login methods of an application program.
A fourth aspect of the present application provides a computer-readable storage medium storing a computer program that is executed by a processor to implement any of the login methods of an application program.
It can be seen that, in the above technical solution, when the user equipment detects that no second login information corresponding to the second application program exists on it, it obtains and sends the identifier of the user equipment and the identifier of the at least one first application program, so that the server learns the identifiers of the other application programs installed on the user equipment. When the login information base contains login information corresponding to the identifiers of those other application programs, an authorized application program list can be generated, and the priority level of the authorized application program is determined according to its service type. This avoids application programs that hold more private information, such as those whose service type is payment, becoming the authorized application program, and improves information security in the joint login scenario. In addition, the authorized application program list is sent to the user equipment, and when an authorization request sent by the user equipment is detected, an authorization response is sent to the user equipment according to the third login information corresponding to the third application program and the identifier of the second application program, so that the user is offered more application programs to choose from for joint login and the application scenarios of joint login are enriched.
Drawings
In order to illustrate the embodiments of the present application or the technical solutions in the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly described below. Obviously, the drawings in the following description show only some embodiments of the present application, and those skilled in the art can obtain other drawings from them without creative effort.
Wherein:
fig. 1 is a schematic diagram of a communication system provided in an embodiment of the present application;
fig. 2 is a flowchart illustrating a login method of an application according to an embodiment of the present application;
fig. 3 is a flowchart illustrating a login method of another application according to an embodiment of the present application;
fig. 4 is a schematic diagram of service type determination provided in an embodiment of the present application;
fig. 5 is a schematic diagram of a login system of an application according to an embodiment of the present application;
fig. 6 is a schematic structural diagram of a computer device in a hardware operating environment according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Details are given below.
The terms "first" and "second" in the description and claims of the present application and the above-described drawings are used for distinguishing between different objects and not for describing a particular order. Furthermore, the terms "include" and "have," as well as any variations thereof, are intended to cover non-exclusive inclusions. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those steps or elements listed, but may alternatively include other steps or elements not listed, or inherent to such process, method, article, or apparatus.
Referring first to fig. 1, fig. 1 is a schematic diagram of a communication system provided by an embodiment of the present application, where the communication system 100 includes a first server 10, a user device 20, and a login information base 30. The first server 10 may communicate with the user device 20, and the first server 10 may obtain and store the login information in the login information base 30, which is not limited herein.
The user device 20 may be a mobile phone, a tablet computer, a notebook computer, a palm top computer, an MID, a desktop computer, or other server device, among others.
The login information base 30 may be a blockchain or a database, which is not limited herein.
It will be appreciated that a blockchain is a chained data structure that links data blocks in chronological order, forming a distributed ledger that is cryptographically protected against tampering and forgery. A blockchain may include an underlying blockchain platform, a platform product service layer, an application service layer, and the like.
Further, the properties of a blockchain include openness, consensus, decentralization, trustlessness, transparency, anonymity of both parties, tamper resistance, traceability, and the like. Openness and transparency mean that anyone can participate in the blockchain network, that each device can act as a node, and that each node is allowed to obtain a complete copy of the database. Based on a consensus mechanism, the nodes jointly maintain the whole blockchain through competitive computation. When any node fails, the remaining nodes can still work normally. Decentralization and trustlessness mean that the blockchain is a peer-to-peer network formed by many nodes together, with no centralized device or management body. Data exchange between nodes is verified by digital signatures, so no mutual trust is needed, and as long as the exchange follows the rules set by the system, nodes cannot deceive one another. Transparency and anonymity mean that the operating rules of the blockchain are public and all data is also public, so each transaction is visible to all nodes. Because nodes do not need to trust one another, they do not need to disclose their identities, and each participating node is anonymous. Tamper resistance and traceability mean that modifications to the database by one or even several nodes cannot affect the databases of other nodes, unless more than 51% of the nodes in the entire network are controlled and modified at the same time, which is almost impossible. In a blockchain, each transaction is cryptographically linked to the two adjacent blocks, so any transaction record can be traced.
In particular, a blockchain uses a chained block data structure to verify and store data, distributed node consensus algorithms to generate and update data, cryptography to secure data transmission and access, and smart contracts composed of automated script code to program and manipulate data, which together form a new distributed infrastructure and computing paradigm. The tamper resistance of blockchain technology therefore fundamentally changes the centralized way of establishing credit and effectively improves the immutability and security of data. Smart contracts allow all terms to be written as programs that execute automatically on the blockchain; when the conditions that trigger a smart contract are met, the blockchain enforces the content of the contract without obstruction by any external force, which guarantees the validity and enforceability of the contract and can greatly reduce cost and improve efficiency. Every node on the blockchain holds the same ledger, which ensures that the recording process of the ledger is open and transparent. Blockchain technology enables point-to-point, open and transparent direct interaction, making efficient, large-scale information exchange without a centralized intermediary a reality.
In the present application, the login information base 30 includes a plurality of pieces of login information, each of which may include, for example, a login time, a login mode, a user account, an identifier of the user equipment, and a validity period. The login time is the time of the last login to a given application program, the login mode is the mode used for that last login, the user account is the account used for that last login, the identifier of the user equipment is the identifier of the user equipment that was running the application program at that last login, and the validity period is the validity period of that last login.
The communication system 100 may further include a second server 40. Wherein the first server 10 may communicate with the second server 40.
With the rapid development of information technology, a wide variety of application programs has emerged. Generally, after downloading an application program, a user has to register before logging in to it. To improve the user experience, joint login was proposed as a way to shorten the registration process. Joint login, also called authorized login, is a login service in which the user is verified with a third-party account. By establishing a one-to-one relationship between the account of the application program and the third-party account, the user does not need to register online and does not have to enter a login account and password again, which greatly simplifies user operation.
However, in the conventional joint login method, a high-traffic application program usually takes the leading role and acts as the authorizing party through which other application programs are jointly logged in. In other words, there is only a single joint login mode, and it cannot be adapted to more application scenarios.
Based on this, the embodiments of the present application provide a method for logging in an application to solve the above problem, and the embodiments of the present application are described in detail below.
It should be noted that, the login method for the application provided by the present application may be applied to the first server in fig. 1, or applied to a login system for the application, which is not limited herein.
Referring to fig. 2, fig. 2 is a schematic flowchart of a login method of an application according to an embodiment of the present application. As shown in fig. 2, the method includes:
201. A first server receives an identifier of a user equipment and an identifier of at least one first application program sent by the user equipment, wherein the identifier of the user equipment and the identifier of the at least one first application program are obtained when the user equipment detects that no second login information corresponding to a second application program exists on the user equipment.
The identifier of the user equipment and the identifier of the at least one first application program are obtained by calling a software development kit from a white list when the user equipment detects that no second login information corresponding to the second application program exists on the user equipment, wherein the white list comprises all application programs except the second application program. It is understood that the at least one first application program is some or all of the application programs on the white list, and the application programs on the white list all run on the user equipment.
Among them, Software Development Kit (SDK) is generally a collection of development tools used by some software engineers to build application software for a specific software package, software framework, hardware platform, operating system, and the like.
The SDK may be, for example, an Application Programming Interface (API) or a Dynamic Link Library (DLL), and is not limited herein.
The identifier of the user equipment may be, for example, a subscription permanent identifier (SUPI), a permanent equipment identifier (PEI), a generic public subscription identifier (GPSI), and the like, which is not limited herein.
The second login information may include, for example, a second login time, a second login mode, a second user account, an identifier of the user equipment, and a second validity period. The second login time is the time of the last login to the second application program, the second login mode is the mode used for that last login, the second user account is the account used to log in to the second application program, the identifier of the user equipment is the identifier of the user equipment that was running the second application program at that last login, and the second validity period is the validity period of that last login.
202. The first server determines, according to the identifier of the user equipment, whether at least one piece of first login information corresponding to the identifier of the at least one first application program exists in a login information base.
It will be appreciated that the same application may be logged on at different user devices. Illustratively, the login information base includes login information corresponding to login of the application 1 on the user device 1, login information corresponding to login of the application 1 on the user device 2, login information corresponding to login of the application 2 on the user device 1, and login information corresponding to login of the application 2 on the user device 2. Assuming that the identifier of the current user equipment is the identifier of the user equipment 1, and the identifier of the at least one first application includes the identifier of the application 1 and the identifier of the application 2, then the at least one first login information in one-to-one correspondence with the identifier of the at least one first application includes login information corresponding to the application 1 when logging in the user equipment 1 and login information corresponding to the application 2 when logging in the user equipment 1.
203. If so, the first server generates an authorized application program list according to the priority level of an authorized application program in the at least one first application program, wherein the priority level of the authorized application program is determined according to the service type of the authorized application program.
Wherein the service type includes at least one of: audio service, video service, text service, voice service, map service, payment service, alarm service, internet of vehicles service, internet of things service, low-delay and high-reliability service.
204. The first server sends the list of authorized applications to the user device.
205. If the authorization request sent by the user equipment is detected, the first server sends an authorization response to the user equipment according to third login information corresponding to a third application program and the identifier of the second application program, wherein the third application program is one application program in the authorized application program list, the third login information corresponding to the third application program and the identifier of the second application program are carried in the authorization request, and the authorization response carries information that the second application program is successfully logged in.
It can be seen that, in the above technical solution, when the user equipment detects that no second login information corresponding to the second application program exists on it, it obtains and sends the identifier of the user equipment and the identifier of the at least one first application program, so that the server learns the identifiers of the other application programs installed on the user equipment. When the login information base contains login information corresponding to the identifiers of those other application programs, an authorized application program list can be generated, and the priority level of the authorized application program is determined according to its service type. This avoids application programs that hold more private information, such as those whose service type is payment, becoming the authorized application program, and improves information security in the joint login scenario. In addition, the authorized application program list is sent to the user equipment, and when an authorization request sent by the user equipment is detected, an authorization response is sent to the user equipment according to the third login information corresponding to the third application program and the identifier of the second application program, so that the user is offered more application programs to choose from for joint login and the application scenarios of joint login are enriched.
Referring to fig. 3, fig. 3 is a schematic flowchart of a login method of another application program according to an embodiment of the present application. As shown in fig. 3, the method includes:
301-.
305. If the authorization request sent by the user equipment is detected, the first server sends the authorization request to a second server, wherein the authorization request instructs the second server to allow the second application program corresponding to the identifier of the second application program to log in using the third login information corresponding to the third application program.
The third application program is an application program in the authorized application program list, and third login information corresponding to the third application program and the identifier of the second application program are carried in the authorization request.
Optionally, the authorization request is used to instruct the second server to allow the second application program corresponding to the identifier of the second application program to log in by using the third login information corresponding to the third application program when the third login information corresponding to the third application program is verified.
306. The first server receives the authorization response sent by the second server.
The authorization response carries information that the second application program has logged in successfully.
307. The first server sends the authorization response to the user equipment.
It can be seen that, in the above technical solution, when the user equipment detects that no second login information corresponding to the second application program exists on it, it obtains and sends the identifier of the user equipment and the identifier of the at least one first application program, so that the server learns the identifiers of the other application programs installed on the user equipment. When the login information base contains login information corresponding to the identifiers of those other application programs, an authorized application program list can be generated, and the priority level of the authorized application program is determined according to its service type. This avoids application programs that hold more private information, such as those whose service type is payment, becoming the authorized application program, and improves information security in the joint login scenario. In addition, the authorized application program list is sent to the user equipment, and when an authorization request sent by the user equipment is detected, an authorization response is sent to the user equipment according to the third login information corresponding to the third application program and the identifier of the second application program, so that the user is offered more application programs to choose from for joint login and the application scenarios of joint login are enriched.
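The server-side checks behind steps 202 and 205, and the verification mentioned for step 305, as an added Python example that is not part of the patent. The in-memory LoginInfoBase, the issued_lists record of the list sent in step 204, the field names, the rejection reasons and all sample values are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class LoginInfo:
    """One record of the login information base (fields as listed in the text)."""
    app_id: str
    device_id: str
    user_account: str
    login_mode: str
    login_time: datetime
    valid_until: datetime  # end of the validity period


class LoginInfoBase:
    """In-memory stand-in for the login information base, keyed by (device, app)."""

    def __init__(self, records):
        self._records = {(r.device_id, r.app_id): r for r in records}

    def lookup(self, device_id, app_id, now):
        """Return the record only if it exists for this device and is unexpired."""
        record = self._records.get((device_id, app_id))
        if record is None or record.valid_until <= now:
            return None
        return record


def first_login_infos(base, device_id, first_app_ids, now):
    """Step 202: per reported app, the login information held for this device."""
    found = {}
    for app_id in first_app_ids:
        record = base.lookup(device_id, app_id, now)
        if record is not None:
            found[app_id] = record
    return found


def handle_authorization_request(base, issued_lists, second_app_id, third_info, now):
    """Step 205: verify the third login information, then build the response.

    issued_lists maps a device identifier to the authorized application list
    the server sent to that device in step 204 (assumed server-side state).
    """
    def reject(reason):
        return {"second_app_id": second_app_id, "login": "rejected", "reason": reason}

    if third_info.app_id not in issued_lists.get(third_info.device_id, ()):
        return reject("third application was not offered to this device")
    if third_info.app_id == second_app_id:
        return reject("an application cannot authorize itself")
    stored = base.lookup(third_info.device_id, third_info.app_id, now)
    if stored is None:
        return reject("no unexpired login information in the base")
    if stored != third_info:
        return reject("presented login information differs from the base")
    return {"second_app_id": second_app_id, "login": "success",
            "user_account": stored.user_account}


# Constructed sample records; every identifier below is made up for the example.
NOW = datetime(2021, 3, 1, 12, 0, tzinfo=timezone.utc)
LATER = datetime(2021, 4, 1, tzinfo=timezone.utc)
EARLIER = datetime(2021, 2, 15, tzinfo=timezone.utc)


def make_record(app_id, device_id, account, valid_until):
    return LoginInfo(app_id, device_id, account, "password",
                     datetime(2021, 2, 1, tzinfo=timezone.utc), valid_until)


BASE = LoginInfoBase([
    make_record("news", "dev-1", "alice", LATER),
    make_record("music", "dev-1", "alice", EARLIER),  # validity period has ended
    make_record("news", "dev-2", "bob", LATER),       # same app, other device
])
ISSUED = {"dev-1": ["news"]}

if __name__ == "__main__":
    offered = first_login_infos(BASE, "dev-1", ["news", "music", "chat"], NOW)
    print(sorted(offered))
    print(handle_authorization_request(BASE, ISSUED, "shop", offered["news"], NOW))
```

In the fig. 3 variant the same comparison would run on the second server after the first server forwards the request.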
In one possible embodiment, the generating an authorized application list according to the priority level of an authorized application in the at least one first application includes: acquiring a data stream corresponding to each first application program in the at least one first application program within a preset time period; determining a service type corresponding to each first application program in the at least one first application program according to the data stream corresponding to each first application program in the at least one first application program; determining the priority level of the authorized application program according to the service type corresponding to each first application program in the at least one first application program; and generating the authorized application program list according to the priority level of the authorized application programs from high to low.
The preset time period may be set by an administrator or may be configured in a configuration file, which is not limited herein.
It should be noted that a data stream refers to a set of messages and/or message slices that share the same five-tuple information. The five-tuple information consists of a source Internet Protocol (IP) address, a destination IP address, a source port number, a destination port number, and a protocol number. That is, every message in the same data stream has the same five-tuple information, and different data streams have different five-tuple information. Two pieces of five-tuple information are considered different when at least one of their five fields differs.
For the data stream corresponding to each first application program in the at least one first application program, the data stream comprises at least one message, and the message header of each message in the at least one message comprises a service type identifier.
It can be seen that, in the above technical solution, the data stream corresponding to each first application program in the at least one first application program is obtained within the preset time period, so as to determine the service type corresponding to each first application program and, from it, the priority level of the authorized application program. This avoids the situation in which an application program involving more private information, such as one whose service type belongs to the payment class, becomes an authorized application program, and improves information security in the joint login scenario. Meanwhile, the authorized application program list is generated in order of the priority level of the authorized application programs from high to low, which provides the user with more optional application programs for joint login and enriches the application scenarios of joint login. In addition, application programs with a high priority level are placed at the top of the authorized application program list, which increases the likelihood that the user selects them, avoids leakage of private data caused by the user selecting an application program with more private data for joint login, and improves information security in the joint login scenario.
In a possible implementation manner, the determining, according to a data stream corresponding to each of the at least one first application, a service type corresponding to each of the at least one first application includes: for a data stream corresponding to each first application program in the at least one first application program, acquiring a service type identifier included in a message header of each message in the data stream; determining the number of message headers comprising the same service type identifier in the data stream according to the service type identifier included in the message header of each message in the data stream; and determining the service type corresponding to each first application program in the at least one first application program according to the number of the message headers comprising the same service type identifier in the data stream.
Illustratively, the data stream corresponding to any first application a in the at least one first application includes 4 messages. Specifically, referring to fig. 4, fig. 4 is a schematic diagram of service type determination provided in the embodiment of the present application. Referring to fig. 4, it can be seen that the 4 messages are message 1, message 2, message 3, and message 4, respectively. The service type identifier included in the header of the message 1 is the service type identifier 1, the service type identifier included in the header of the message 2 is the service type identifier 2, the service type identifier included in the header of the message 3 is the service type identifier 3, and the service type identifier included in the header of the message 4 is the service type identifier 1. It can be understood that, in the 4 messages, the service type identifiers included in the headers of the message 1 and the message 4 are the service type identifiers 1. That is, the number of headers including the same service type identifier in the data stream corresponding to the first application program a is 2, and the service type corresponding to the first application program a is the service type corresponding to the service type identifier 1.
It can be seen that, in the above technical solution, for the same application program, the service type corresponding to the same application program is determined according to the number of the headers including the same service type identifier, so that the situation that the application program with the service type belonging to payment class and involving more privacy information becomes an authorized application program is avoided, and the information security in the context of joint login is further improved.
In a possible implementation manner, the determining, according to the number of headers including the same service type identifier in the data stream, a service type corresponding to each first application program in the at least one first application program includes: determining, according to the number of message headers including the same service type identifier in the data stream, the service type identifier included in a first message header, wherein the first message header is the message header of any one of the messages whose headers include the service type identifier shared by the largest number of message headers; and determining the service type corresponding to each first application program in the at least one first application program according to the service type identifier included in the first message header.
It can be seen that, in the above technical solution, for the same application program, the service type identifier included in the first message header, that is, the identifier shared by the largest number of message headers, is determined. This avoids the situation in which an application program involving more private information, such as one whose service type belongs to the payment class, becomes an authorized application program, and improves information security in the joint login scenario.
In a possible implementation manner, the determining a priority level of the authorized application according to a service type corresponding to each of the at least one first application includes: determining a permission security level corresponding to each first application program in the at least one first application program and associated with private data according to the service type corresponding to each first application program in the at least one first application program; determining the authorized application program according to the authority security level corresponding to each first application program in the at least one first application program and associated with the private data; and determining the priority level of the authorized application program according to the authority security level corresponding to the authorized application program and associated with the private data.
Illustratively, the at least one first application includes a first application B and a first application C, the service type corresponding to the first application B is a video service, and the service type corresponding to the first application C is a payment service; then the permission security level associated with the private data corresponding to the first application B is lower than the permission security level associated with the private data corresponding to the first application C.
It can be seen that, in the above technical solution, the authorized application program is determined according to the permission security level associated with the private data corresponding to each first application program in the at least one first application program. This avoids the situation in which an application program involving more private information, such as one whose service type belongs to the payment class, becomes an authorized application program, and improves information security in the joint login scenario. Meanwhile, the priority level of the authorized application program is determined according to the permission security level associated with the private data corresponding to the authorized application program, which avoids leakage of private data caused by the user selecting an application program with more private data for joint login and improves information security in the joint login scenario.
In one possible embodiment, the determining the authorized application according to the permission security level associated with the private data corresponding to each of the at least one first application includes: comparing the permission security level associated with the private data corresponding to each first application program in the at least one first application program with a preset permission security level, and determining the application programs in the at least one first application program whose permission security level associated with the private data is smaller than the preset permission security level, so as to obtain the authorized application program.
The preset permission security level may be set by an administrator, or may be configured in a configuration file, which is not limited herein.
It can be seen that, in the above technical solution, the application programs in the at least one first application program whose permission security level is lower than the preset permission security level are determined as the authorized application programs, which avoids the situation in which an application program with a higher permission security level associated with the private data becomes an authorized application program and improves information security in the joint login scenario.
In one possible embodiment, the determining the priority level of the authorized application according to the permission security level corresponding to the authorized application and associated with the private data includes: obtaining the access frequency of the authorized application program; determining a weight value of the authorized application program according to the access frequency of the authorized application program; acquiring an association relation between a permission security factor associated with the private data and a service type corresponding to the application program; determining a permission security factor corresponding to the authorized application program and associated with private data according to the association relation and the service type corresponding to the authorized application program; and determining the permission security level associated with the private data corresponding to the authorized application program according to the weight value of the authorized application program and the permission security factor associated with the private data corresponding to the authorized application program.
Wherein the higher the access frequency of the authorized application, the smaller the weight value of the authorized application.
It can be seen that, in the above technical solution, the determination of the permission security level associated with the private data corresponding to the authorized application program is realized.
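The steps described above (service type by majority of header identifiers, permission security level from weight value and permission security factor, filtering against the preset level, ordering by priority) can be sketched as follows. This is an added example, not code from the application: the identifier-to-service-type table, the factor values, the preset level, the formula `weight * factor`, the weight function, the rule that a lower level means a higher priority, the first-seen tie-break, and the fail-closed handling of unmapped identifiers are all assumptions made for illustration.

```python
from collections import Counter
from dataclasses import dataclass

# All tables and thresholds below are constructed for illustration.
SERVICE_TYPE_BY_ID = {1: "video", 2: "news", 3: "payment"}
SECURITY_FACTOR = {"video": 1.0, "news": 2.0, "payment": 10.0}
# Assumption: an identifier with no known service type is treated as the
# most sensitive type, so it can never slip under the preset level.
UNKNOWN_FACTOR = max(SECURITY_FACTOR.values())
PRESET_LEVEL = 5.0


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    protocol: int
    service_type_id: int  # service type identifier carried in the header

    @property
    def five_tuple(self):
        return (self.src_ip, self.dst_ip, self.src_port,
                self.dst_port, self.protocol)


def dominant_service_type_id(stream):
    """Return the identifier carried by the most headers in one data stream."""
    if not stream:
        raise ValueError("empty data stream")
    if len({p.five_tuple for p in stream}) != 1:
        raise ValueError("packets of one data stream must share a five-tuple")
    counts = Counter(p.service_type_id for p in stream)
    # max() returns the first maximal item, so a tie resolves to the
    # identifier seen first (assumed tie-break; the text gives none).
    return max(counts.items(), key=lambda item: item[1])[0]


def permission_security_level(service_type, access_frequency):
    """Assumed formula: level = weight * factor."""
    # Weight shrinks as access frequency grows but stays above 1, so a
    # heavily used sensitive app cannot drop below its own factor.
    weight = 1.0 + 1.0 / (1.0 + access_frequency)
    factor = SECURITY_FACTOR.get(service_type, UNKNOWN_FACTOR)
    return weight * factor


def build_authorizable_list(streams, access_frequency,
                            preset_level=PRESET_LEVEL):
    """Return app identifiers ordered from highest to lowest priority."""
    levels = {}
    for app_id, stream in streams.items():
        type_id = dominant_service_type_id(stream)
        service_type = SERVICE_TYPE_BY_ID.get(type_id)  # None if unmapped
        level = permission_security_level(
            service_type, access_frequency.get(app_id, 0))
        if level < preset_level:  # only apps below the preset level qualify
            levels[app_id] = level
    # Assumption: lower permission security level means higher priority.
    return sorted(levels, key=lambda app_id: (levels[app_id], app_id))


def make_stream(src_port, type_ids):
    """Build a constructed data stream: one five-tuple, one packet per id."""
    return [Packet("10.0.0.5", "203.0.113.10", src_port, 443, 6, i)
            for i in type_ids]


# Constructed sample input. "app.video" mirrors the four-message example
# in the text (identifiers 1, 2, 3, 1).
SAMPLE_STREAMS = {
    "app.video": make_stream(50001, [1, 2, 3, 1]),
    "app.news": make_stream(50002, [2, 2]),
    "app.pay": make_stream(50003, [3, 3, 1]),
    "app.unknown": make_stream(50004, [7]),
}
SAMPLE_FREQUENCY = {"app.video": 9, "app.news": 1,
                    "app.pay": 99, "app.unknown": 4}

if __name__ == "__main__":
    print(build_authorizable_list(SAMPLE_STREAMS, SAMPLE_FREQUENCY))
```

Because the service type identifier is read from traffic headers, the sketch treats it as untrusted input: an unmapped identifier receives the highest factor, which keeps that application program out of the list.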
Referring to fig. 5, fig. 5 is a schematic diagram of a login system of an application according to an embodiment of the present application. As shown in fig. 5, a login system 500 of an application provided in an embodiment of the present application includes a receiving module 501, a determining module 502, a generating module 503, and a sending module 504.
The receiving module 501 is configured to receive an identifier of a user equipment and an identifier of at least one first application program, which are sent by the user equipment, where the identifier of the user equipment and the identifier of the at least one first application program are obtained when the user equipment detects that second login information corresponding to a second application program does not exist on the user equipment;
a determining module 502, configured to determine, according to the identifier of the user equipment, whether at least one piece of first login information corresponding to the identifier of the at least one first application one to one exists in a login information base;
a generating module 503, configured to generate, if so, an authorized application list according to a priority level of an authorized application in the at least one first application, where the priority level of the authorized application is determined according to a service type of the authorized application;
a sending module 504, configured to send the authorized application list to the user equipment;
the sending module 504 is further configured to send an authorization response to the user equipment according to third login information corresponding to a third application program and the identifier of the second application program if the authorization request sent by the user equipment is detected, where the third application program is one application program in the authorized application program list, the third login information corresponding to the third application program and the identifier of the second application program are carried in the authorization request, and the authorization response carries information that the second application program is successfully logged in.
It can be seen that, in the above technical solution, when it is detected that no second login information corresponding to the second application program exists on the user equipment, the identifier of the user equipment and the identifier of the at least one first application program are obtained and sent, so that the server can obtain the identifiers of the other application programs installed on the user equipment. When the login information base includes login information corresponding to the identifiers of those other application programs, an authorized application program list can be generated, and the priority level of each authorized application program is determined according to its service type. This avoids the situation in which an application program involving more private information, such as one whose service type belongs to the payment class, becomes an authorized application program, and improves information security in the joint login scenario. In addition, the authorized application program list is sent to the user equipment, and when an authorization request sent by the user equipment is detected, an authorization response is sent to the user equipment according to the third login information corresponding to the third application program and the identifier of the second application program, which provides the user with more optional application programs for joint login and enriches the application scenarios of joint login.
In a possible implementation manner, in terms of generating the authorized application list according to the priority level of the authorized application in the at least one first application, the generating module 503 is specifically configured for:
acquiring a data stream corresponding to each first application program in the at least one first application program within a preset time period;
determining a service type corresponding to each first application program in the at least one first application program according to the data stream corresponding to each first application program in the at least one first application program;
determining the priority level of the authorized application program according to the service type corresponding to each first application program in the at least one first application program;
and generating the authorized application program list according to the priority level of the authorized application programs from high to low.
It can be seen that, in the above technical solution, the data stream corresponding to each first application program in the at least one first application program is obtained within the preset time period, so as to determine the service type corresponding to each first application program and, from it, the priority level of the authorized application program. This avoids the situation in which an application program involving more private information, such as one whose service type belongs to the payment class, becomes an authorized application program, and improves information security in the joint login scenario. Meanwhile, the authorized application program list is generated in order of the priority level of the authorized application programs from high to low, which provides the user with more optional application programs for joint login and enriches the application scenarios of joint login. In addition, application programs with a high priority level are placed at the top of the authorized application program list, which increases the likelihood that the user selects them, avoids leakage of private data caused by the user selecting an application program with more private data for joint login, and improves information security in the joint login scenario.
In a possible implementation manner, in terms of determining a service type corresponding to each first application program in the at least one first application program according to a data stream corresponding to each first application program in the at least one first application program, the generating module 503 is specifically configured for:
for a data stream corresponding to each first application program in the at least one first application program, acquiring a service type identifier included in a message header of each message in the data stream;
determining the number of message headers comprising the same service type identifier in the data stream according to the service type identifier included in the message header of each message in the data stream;
and determining the service type corresponding to each first application program in the at least one first application program according to the number of the message headers comprising the same service type identifier in the data stream.
It can be seen that, in the above technical solution, for the same application program, the service type corresponding to the same application program is determined according to the number of the headers including the same service type identifier, so that the situation that the application program with the service type belonging to payment class and involving more privacy information becomes an authorized application program is avoided, and the information security in the context of joint login is further improved.
In a possible implementation manner, in terms of determining a service type corresponding to each first application program in the at least one first application program according to the number of headers including the same service type identifier in the data stream, the generating module 503 is specifically configured for:
determining, according to the number of message headers including the same service type identifier in the data stream, the service type identifier included in a first message header, wherein the first message header is the message header of any one of the messages whose headers include the service type identifier shared by the largest number of message headers;
and determining the service type corresponding to each first application program in the at least one first application program according to the service type identifier included in the first message header.
It can be seen that, in the above technical solution, for the same application program, the service type corresponding to the same application program is determined according to the number of the headers including the same service type identifier, so that the situation that the application program with the service type belonging to payment class and involving more privacy information becomes an authorized application program is avoided, and the information security in the context of joint login is further improved.
In a possible implementation manner, in terms of determining the priority level of the authorized application according to the service type corresponding to each first application in the at least one first application, the generating module 503 is specifically configured for:
determining a permission security level corresponding to each first application program in the at least one first application program and associated with private data according to the service type corresponding to each first application program in the at least one first application program;
determining the authorized application program according to the authority security level corresponding to each first application program in the at least one first application program and associated with the private data;
and determining the priority level of the authorized application program according to the authority security level corresponding to the authorized application program and associated with the private data.
It can be seen that, in the above technical solution, the authorized application program is determined according to the permission security level associated with the private data corresponding to each first application program in the at least one first application program. This avoids the situation in which an application program involving more private information, such as one whose service type belongs to the payment class, becomes an authorized application program, and improves information security in the joint login scenario. Meanwhile, the priority level of the authorized application program is determined according to the permission security level associated with the private data corresponding to the authorized application program, which avoids leakage of private data caused by the user selecting an application program with more private data for joint login and improves information security in the joint login scenario.
In a possible implementation manner, in terms of determining the priority level of the authorized application according to the permission security level associated with the private data corresponding to the authorized application, the generating module 503 is specifically configured for:
obtaining the access frequency of the authorized application program;
determining a weight value of the authorized application program according to the access frequency of the authorized application program;
acquiring an association relation between a permission security factor associated with the private data and a service type corresponding to the application program;
determining a permission security factor corresponding to the authorized application program and associated with private data according to the association relation and the service type corresponding to the authorized application program;
and determining the permission security level associated with the privacy data corresponding to the authorized application program according to the weight value of the authorized application program and the permission security factor associated with the privacy data corresponding to the authorized application program.
It can be seen that, in the above technical solution, the determination of the permission security level associated with the private data corresponding to the authorized application program is realized.
Referring to fig. 6, fig. 6 is a schematic structural diagram of a computer device in a hardware operating environment according to an embodiment of the present application.
An embodiment of the present application provides a computer device comprising a processor, a memory, a communication interface and one or more programs, wherein the one or more programs are stored in the memory and configured to be executed by the processor, and the one or more programs comprise instructions for executing the steps of any one of the above login methods of an application program. As shown in fig. 6, a computer device of a hardware operating environment according to an embodiment of the present application may include:
a processor 601, such as a CPU;
a memory 602, which may be a high-speed RAM memory or a stable memory such as a disk memory; and
a communication interface 603 for implementing connection communication between the processor 601 and the memory 602.
Those skilled in the art will appreciate that the configuration of the computer device shown in fig. 6 is not intended to be limiting and may include more or fewer components than those shown, or some components may be combined, or a different arrangement of components.
As shown in fig. 6, the memory 602 may include an operating system, a network communication module, and one or more programs. An operating system is a program that manages and controls the server hardware and software resources, supporting the execution of one or more programs. The network communication module is used to enable communication between the various components within the memory 602, as well as with other hardware and software within the computer device.
In the computer device shown in fig. 6, a processor 601 is used to execute one or more programs in a memory 602, implementing the following steps:
receiving an identifier of user equipment and an identifier of at least one first application program, which are sent by the user equipment, wherein the identifier of the user equipment and the identifier of the at least one first application program are obtained when the user equipment detects that second login information corresponding to a second application program does not exist on the user equipment;
determining, according to the identifier of the user equipment, whether at least one piece of first login information corresponding one to one to the identifier of the at least one first application program exists in a login information base;
if yes, generating an authorized application program list according to the priority level of an authorized application program in the at least one first application program, wherein the priority level of the authorized application program is determined according to the service type of the authorized application program;
sending the list of authorized applications to the user device;
if an authorization request sent by the user equipment is detected, sending an authorization response to the user equipment according to third login information corresponding to a third application program and the identifier of the second application program, wherein the third application program is one application program in the authorized application program list, the third login information corresponding to the third application program and the identifier of the second application program are carried in the authorization request, and the authorization response carries information that the second application program is successfully logged in.
For specific implementation of the computer device related to the present application, reference may be made to the embodiments of the login method of the application program, which are not described herein again.
In this application, the computer device may be, for example, a first server, which is not limited herein.
The present application further provides a computer readable storage medium for storing a computer program, the stored computer program being executable by the processor to perform the steps of:
receiving an identifier of user equipment and an identifier of at least one first application program, which are sent by the user equipment, wherein the identifier of the user equipment and the identifier of the at least one first application program are obtained when the user equipment detects that second login information corresponding to a second application program does not exist on the user equipment;
determining, according to the identifier of the user equipment, whether at least one piece of first login information corresponding one to one to the identifier of the at least one first application program exists in a login information base;
if yes, generating an authorized application program list according to the priority level of an authorized application program in the at least one first application program, wherein the priority level of the authorized application program is determined according to the service type of the authorized application program;
sending the list of authorized applications to the user device;
if an authorization request sent by the user equipment is detected, sending an authorization response to the user equipment according to third login information corresponding to a third application program and the identifier of the second application program, wherein the third application program is one application program in the authorized application program list, the third login information corresponding to the third application program and the identifier of the second application program are carried in the authorization request, and the authorization response carries information that the second application program is successfully logged in.
For specific implementation of the computer-readable storage medium related to the present application, reference may be made to the embodiments of the login method of the application program, which are not described herein again.
It should be noted that, for simplicity of description, the above-mentioned method embodiments are described as a series of acts or combination of acts, but those skilled in the art should understand that the present application is not limited by the order of acts described, as some steps may be performed in other orders or simultaneously according to the present application. Further, those skilled in the art should also appreciate that the embodiments described in this specification are preferred embodiments and that the acts and modules involved are not necessarily required for this application.
The above embodiments are only used for illustrating the technical solutions of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present application.

Claims (10)

1. A login method for an application program, comprising:
receiving an identifier of user equipment and an identifier of at least one first application program, which are sent by the user equipment, wherein the identifier of the user equipment and the identifier of the at least one first application program are obtained when the user equipment detects that second login information corresponding to a second application program does not exist on the user equipment;
determining, according to the identifier of the user equipment, whether at least one piece of first login information corresponding one-to-one to the identifier of the at least one first application program exists in a login information base;
if yes, generating an authorized application program list according to the priority level of an authorized application program in the at least one first application program, wherein the priority level of the authorized application program is determined according to the service type of the authorized application program;
sending the list of authorized applications to the user device;
if an authorization request sent by the user equipment is detected, sending an authorization response to the user equipment according to third login information corresponding to a third application program and the identifier of the second application program, wherein the third application program is one application program in the authorized application program list, the third login information corresponding to the third application program and the identifier of the second application program are carried in the authorization request, and the authorization response carries information that the second application program is successfully logged in.
2. The method of claim 1, wherein generating a list of authorized applications based on a priority level of an authorized application of the at least one first application comprises:
acquiring a data stream corresponding to each first application program in the at least one first application program within a preset time period;
determining a service type corresponding to each first application program in the at least one first application program according to the data stream corresponding to each first application program in the at least one first application program;
determining the priority level of the authorized application program according to the service type corresponding to each first application program in the at least one first application program;
and generating the authorized application program list according to the priority level of the authorized application programs from high to low.
3. The method of claim 2, wherein the determining the service type corresponding to each of the at least one first application according to the data stream corresponding to each of the at least one first application comprises:
for a data stream corresponding to each first application program in the at least one first application program, acquiring a service type identifier included in a message header of each message in the data stream;
determining the number of message headers comprising the same service type identifier in the data stream according to the service type identifier included in the message header of each message in the data stream;
and determining the service type corresponding to each first application program in the at least one first application program according to the number of the message headers comprising the same service type identifier in the data stream.
4. The method according to claim 3, wherein the determining the service type corresponding to each first application program in the at least one first application program according to the number of headers including the same service type identifier in the data stream comprises:
determining, according to the number of message headers comprising the same service type identifier in the data stream, the service type identifier included in a first message header, wherein the first message header is the message header of any one of the messages whose service type identifier is shared by the largest number of message headers;
and determining the service type corresponding to each first application program in the at least one first application program according to the service type identifier included in the first message header.
5. The method of claim 2, wherein the determining the priority level of the authorized application according to the service type corresponding to each of the at least one first application comprises:
determining a permission security level corresponding to each first application program in the at least one first application program and associated with private data according to the service type corresponding to each first application program in the at least one first application program;
determining the authorized application program according to the permission security level corresponding to each first application program in the at least one first application program and associated with the private data;
and determining the priority level of the authorized application program according to the permission security level corresponding to the authorized application program and associated with the private data.
6. The method of claim 5, wherein determining the priority level of the authorized application according to the permission security level associated with the private data corresponding to the authorized application comprises:
obtaining the access frequency of the authorized application program;
determining a weight value of the authorized application program according to the access frequency of the authorized application program;
acquiring an association relation between a permission security factor associated with the private data and a service type corresponding to the application program;
determining a permission security factor corresponding to the authorized application program and associated with the private data according to the association relation and the service type corresponding to the authorized application program;
and determining the permission security level associated with the private data corresponding to the authorized application program according to the weight value of the authorized application program and the permission security factor associated with the private data corresponding to the authorized application program.
7. A login system for an application program, comprising:
a receiving module, configured to receive an identifier of a user equipment and an identifier of at least one first application program, where the identifier of the user equipment and the identifier of the at least one first application program are obtained by the user equipment when detecting that second login information corresponding to a second application program does not exist on the user equipment;
a determining module, configured to determine, according to the identifier of the user equipment, whether at least one piece of first login information corresponding one-to-one to the identifier of the at least one first application program exists in a login information base;
a generating module, configured to, if yes, generate an authorized application program list according to the priority level of an authorized application program in the at least one first application program, wherein the priority level of the authorized application program is determined according to the service type of the authorized application program;
a sending module, configured to send the authorized application list to the user equipment;
the sending module is further configured to send an authorization response to the user equipment according to third login information corresponding to a third application program and the identifier of the second application program if the authorization request sent by the user equipment is detected, where the third application program is one application program in the authorized application program list, the third login information corresponding to the third application program and the identifier of the second application program are carried in the authorization request, and the authorization response carries information that the second application program is successfully logged in.
8. The login system according to claim 7, wherein, when generating the authorized application program list according to the priority level of the authorized application program in the at least one first application program, the generating module is specifically configured to perform:
acquiring a data stream corresponding to each first application program in the at least one first application program within a preset time period;
determining a service type corresponding to each first application program in the at least one first application program according to the data stream corresponding to each first application program in the at least one first application program;
determining the priority level of the authorized application program according to the service type corresponding to each first application program in the at least one first application program;
and generating the authorized application program list according to the priority level of the authorized application programs from high to low.
9. A computer device comprising a processor, a memory, a communication interface, and one or more programs, wherein the one or more programs are stored in the memory and are generated as instructions that are executed by the processor to perform the steps of the method of any of claims 1-6.
10. A computer-readable storage medium, characterized in that the computer-readable storage medium is used to store a computer program, which is executed by a processor to implement the method of any of claims 1-6.
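The ranking described in claims 2 to 6, as an added example that is not code from the patent or its applicant. The factor table, the frequency-share weighting, the product used for the permission security level, the cut-off, and all app names and sample headers are assumptions constructed for illustration; the claims do not specify them.

```python
from collections import Counter

# Assumed association: service type -> permission security factor (claim 6).
# Values are constructed for illustration; the patent gives none.
SECURITY_FACTOR = {"payment": 0.9, "social": 0.6, "news": 0.2}
MIN_LEVEL = 0.10  # assumed cut-off for treating an app as "authorized"


def dominant_service_type(headers):
    """Claims 3-4: the service type identifier carried by the most headers."""
    counts = Counter(h["service_type"] for h in headers if h.get("service_type"))
    if not counts:
        return None  # no usable headers: the app cannot be classified
    top = max(counts.values())
    # Break ties deterministically so the ranking is reproducible.
    return min(t for t, n in counts.items() if n == top)


def authorized_app_list(streams, access_freq):
    """Claims 2, 5, 6: rank apps by permission security level, high to low."""
    total = sum(access_freq.get(app, 0) for app in streams) or 1
    ranked = []
    for app, headers in streams.items():
        stype = dominant_service_type(headers)
        factor = SECURITY_FACTOR.get(stype)
        if factor is None:
            continue  # unknown or missing service type: fail closed
        weight = access_freq.get(app, 0) / total  # assumed weighting
        level = weight * factor                   # assumed combination
        if level >= MIN_LEVEL:
            ranked.append((app, stype, round(level, 3)))
    return sorted(ranked, key=lambda r: (-r[2], r[0]))


# Constructed sample data: headers seen per app in the preset time period.
STREAMS = {
    "app.bank": [{"service_type": "payment"}] * 4 + [{"service_type": "news"}],
    "app.chat": [{"service_type": "social"}] * 3,
    "app.feed": [{"service_type": "news"}] * 5,
    "app.misc": [{"service_type": "unknown"}, {}],
}
ACCESS_FREQ = {"app.bank": 30, "app.chat": 50, "app.feed": 15, "app.misc": 5}

if __name__ == "__main__":
    for row in authorized_app_list(STREAMS, ACCESS_FREQ):
        print(row)
```

With this constructed data the more frequently used chat app outranks the banking app, so the choice of weighting decides which existing login the user is offered first.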
CN202110221282.8A 2021-02-27 2021-02-27 Login method, system, equipment and storage medium of application program Active CN112948803B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110221282.8A CN112948803B (en) 2021-02-27 2021-02-27 Login method, system, equipment and storage medium of application program

Publications (2)

Publication Number Publication Date
CN112948803A true CN112948803A (en) 2021-06-11
CN112948803B CN112948803B (en) 2023-10-27

Family

ID=76246733

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110221282.8A Active CN112948803B (en) 2021-02-27 2021-02-27 Login method, system, equipment and storage medium of application program

Country Status (1)

Country Link
CN (1) CN112948803B (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102694733A (en) * 2012-06-06 2012-09-26 济南大学 Method for acquiring network flow data set with accurate application type identification
US20140033291A1 (en) * 2011-04-07 2014-01-30 Tencent Technology (Shenzhen) Company Limited Method and system for visiting a third party application via a cloud platform
WO2014187227A1 (en) * 2013-05-20 2014-11-27 华为终端有限公司 Data flow transmission control method and apparatus
CN106843980A (en) * 2017-01-22 2017-06-13 王恩惠 A kind of method that management is realized by third-party application and website is opened
KR101841079B1 (en) * 2017-11-08 2018-03-23 한국과학기술정보연구원 server for managing federated authentication and method thereof
CN108551443A (en) * 2018-03-30 2018-09-18 平安科技(深圳)有限公司 A kind of application login method, device, terminal device and storage medium
CN111917773A (en) * 2020-07-31 2020-11-10 中国工商银行股份有限公司 Service data processing method and device and server
CN112235317A (en) * 2020-11-14 2021-01-15 广州鸿森资本管理有限公司 Third-party application login system and method based on big data

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
曹敏: "数字化移动办公平台的设计与实现", 《中国优秀硕士学位论文全文数据库 信息科技辑》, no. 1, pages 138 - 1046 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114338148A (en) * 2021-12-28 2022-04-12 建信金融科技有限责任公司 Interaction method and device, server and storage medium
CN114338148B (en) * 2021-12-28 2023-05-26 建信金融科技有限责任公司 Interaction method and device, server and storage medium

Also Published As

Publication number Publication date
CN112948803B (en) 2023-10-27

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant