WO2015062362A1 - Method, device, and system for user login - Google Patents

Method, device, and system for user login Download PDF

Info

Publication number
WO2015062362A1
WO2015062362A1 PCT/CN2014/086298 CN2014086298W WO2015062362A1 WO 2015062362 A1 WO2015062362 A1 WO 2015062362A1 CN 2014086298 W CN2014086298 W CN 2014086298W WO 2015062362 A1 WO2015062362 A1 WO 2015062362A1
Authority
WO
WIPO (PCT)
Prior art keywords
account
string
logged
domain name
encrypted
Prior art date
Application number
PCT/CN2014/086298
Other languages
French (fr)
Chinese (zh)
Inventor
于富龙
左文品
王有存
于天佐
余鹏
Original Assignee
北京奇虎科技有限公司
奇智软件(北京)有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 北京奇虎科技有限公司, 奇智软件(北京)有限公司 filed Critical 北京奇虎科技有限公司
Publication of WO2015062362A1 publication Critical patent/WO2015062362A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities

Definitions

  • the present invention relates to the field of Internet technologies, and in particular, to a method, device, and system for user login.
  • users may run instant messaging software, optimization software, security tools, browsers, etc. locally, and require users to log in to their accounts in order to get a better user experience.
  • the present invention has been made in order to provide a method, apparatus and system suitable for user login that overcomes the above problems or at least partially solves the above problems.
  • a user login method including: acquiring a logged-in account of each client corresponding to a specified domain name, generating a login list composed of the logged-in account; obtaining according to a specific logged-in account in the login list The account information of the specific registered account; use the obtained account information to log in to the specified domain name.
  • a user login device comprising: a memory configured to store a registered account and account information of a user currently in each client; a login list acquirer configured to obtain and specify from a memory The login account of each client corresponding to the domain name generates a login list composed of the logged-in account; the information acquirer is configured to obtain the account information of the specific logged-in account in the memory according to the specific logged-in account in the login list; , configured to use the obtained account information to log in Domain name.
  • a user login system including the user login device described above, and a server for verification.
  • a computer program comprising computer readable code that, when executed on a computing device, causes the computing device to perform the aforementioned user login method.
  • a computer readable medium storing the aforementioned computer program is provided.
  • the present invention provides a method, a device, and a system for logging in a user.
  • the user can detect the account that the user logs in to the local client by adding a plug-in to the browser.
  • the information reminds the user of the existing account information, and the user can select the account to log in to the designated domain name website, thereby eliminating the step of inputting the account password again, simplifying the user operation and having a better user experience.
  • FIG. 1 is a flow chart of a method for user login according to an embodiment of the present invention
  • FIG. 2 is a flow chart of a specific method for user login according to an embodiment of the present invention.
  • FIG. 3 is a schematic diagram of a login list in accordance with one embodiment of the present invention.
  • FIG. 4 is a structural block diagram of a user login device according to an embodiment of the present invention.
  • FIG. 5 is a structural diagram of a user login system according to an embodiment of the present invention.
  • Figure 6 is a schematic block diagram showing a computing device for performing a user login method in accordance with the present invention.
  • Fig. 7 schematically shows a storage unit for holding or carrying program code implementing a user login method according to the present invention.
  • the embodiment of the invention provides a user login method. This method improves on devices that support users logging in on different clients.
  • the device in this embodiment may be a user terminal device such as a PC (Personal Computer), a mobile phone, or a handheld computer.
  • FIG. 1 is a flowchart of a method for user login according to an embodiment of the present invention, where the method includes steps S102 to S106.
  • S104 Acquire, according to the specific registered account in the login list, account information of the specific registered account.
  • the specific registered account in this embodiment is the login account selected by the user.
  • the embodiment of the invention provides a method for user login.
  • the user when the user logs in to the specified domain name, the user can check the account information of the user in the local client by adding a plug-in to the browser, and remind the user of the existing account information, and the user can select the account information.
  • the account is logged in to the designated domain name website, thereby eliminating the step of re-entering the account password, simplifying the user operation and having a better user experience.
  • This embodiment is a specific application scenario of the foregoing first embodiment. Through the embodiment, the method provided by the present invention can be more clearly and specifically illustrated.
  • the account information of the user's logged-in account on each client is obtained, and the account information is obtained.
  • the account information is ciphertext information, which includes at least two parts of the cookieQ string and the cookieT string of the logged-in account, the cookieQ string includes the basic information corresponding to the logged-in account, and the cookieT string includes the encryption of the basic information.
  • the generated check character is ciphertext information, which includes at least two parts of the cookieQ string and the cookieT string of the logged-in account, the cookieQ string includes the basic information corresponding to the logged-in account, and the cookieT string includes the encryption of the basic information.
  • the storage format in the shared memory in this embodiment may be as follows:
  • FIG. 2 is a flowchart of a specific method for user login according to an embodiment of the present invention.
  • the method specifically includes steps S201 to 210, which specifically support users to log in on different clients.
  • S201 Receive an indication from a user to access a specified domain name.
  • the indication mentioned in this embodiment may be triggered by the user entering the specified domain name in the browser and clicking on the access.
  • the domain name accessed is "axlogin.passport.360.cn".
  • step S202 is performed.
  • step S202 the registered account of each client corresponding to the specified domain name is acquired, and a login list composed of the registered account is generated.
  • the specific process may include: first, detecting whether a browser plug-in corresponding to the specified domain name is installed locally, and when detecting that the browser plug-in corresponding to the specified domain name is installed, The browser plug-in is invoked to obtain the registered account of each client corresponding to the specified domain name, and finally, a login list composed of the logged-in accounts is generated.
  • the operation of detecting whether the browser plug-in corresponding to the specified domain name is installed locally is performed by a specific script of the browser.
  • the browser plug-in also performs the following security detection: the first is to verify whether the Microsoft digital signature of the loading process file is passed, and the security check guarantees The security of the operating environment.
  • the second is to verify whether the domain name of the currently loaded plug-in is a specified domain name. For example, if the domain name of the currently loaded plug-in is "axlogin.passport.360.cn", the verification is passed.
  • the browser plugin also provides a method for obtaining a list of logged-in accounts corresponding to the specified domain name, namely the GetUserList method.
  • the specific script of the browser can be invoked by the GetUserList method provided by the browser plug-in to detect the account that the user has logged in on each client, and obtain the logged-in account in the shared memory, and generate a list of the logged-in accounts.
  • the generated registered account list is outputted by step S203 for The user makes a selection.
  • the operation of outputting the generated registered account list is performed by the specific script described above.
  • the specific script may display the login account identifier when displaying the login list ( The user name can be displayed to the user, or the avatar corresponding to the logged-in account can be displayed together with the avatar corresponding to the logged-in account, so that the user can distinguish the logged-in account.
  • the user selects the logged in account.
  • FIG. 3 shows a schematic diagram of a login list.
  • step S204 is performed.
  • step S204 a selection instruction from the user is received, the logged-in account in the corresponding login list is obtained, and the account information is obtained.
  • the user can select the login account by clicking the account avatar shown in FIG. 3.
  • the browser plug-in provides a method for obtaining a list of logged-in accounts corresponding to the specified domain name, that is, the GetUserList method.
  • the browser plugin also provides a way to get account information, namely the GetCode method. Therefore, when the user clicks on the selected account avatar, the GetCode method is invoked by the specific script of the browser to obtain the account information of the user selected account.
  • step S205 is continued.
  • the obtained account information is encrypted and calculated to generate an encrypted character string.
  • the operation of encrypting the account information is also implemented by the GetCode method provided by the browser plug-in.
  • the specific calculation of the account information includes the following three processes:
  • the current timestamp is obtained by sending an HTTP protocol to the server.
  • the server can provide an accurate and reliable time stamp service externally, and adopts a precise time source, high strength and high standard security mechanism to confirm the existence of the system processing data at a certain time and the relative time of related operations.
  • the order provides the basic services for time non-repudiation in the information system.
  • the obtained timestamp, the logged-in account selected by the user, and the account information thereof are spliced in a preset order to obtain a spliced string.
  • the foregoing information may be spliced in the following order, that is, a timestamp, a logged-in account selected by the user, a cookie Q value in the account information, and a cookie T value in the account information.
  • the spliced string is encrypted by using a preset encryption rule and a predetermined encryption key to generate an encrypted string.
  • the preset encryption key is a fixed public key agreed between the server and the login device, and the foregoing preset encryption rule may be AESCB256 encryption and BASE64 encoding, that is, the spliced string is encrypted by using the public key, and It performs the BASE64_ENCODE encoding operation.
  • step S206 is executed to send the generated encrypted character string to the server.
  • the generated encrypted string can be sent to the server through the HTTP protocol.
  • step S207 After receiving the encrypted character string sent by the login device, the server performs step S207.
  • step S207 the encrypted character string is checked by the server and judged whether it has passed. If the verification fails, step S208 is executed, that is, the operation is stopped or the response to the verification failure is returned to the login device. If the verification is successful, step S209 is performed.
  • the method for the server to verify the encrypted string includes:
  • the correct encrypted string is stored in the Memcache as a whole, and the record has been used. Each time the encrypted string is checked for elapsed time, it will check whether the encrypted string already exists in Memcache. If it exists, it indicates that the encrypted string has been used. At this time, the system refuses to access. If it does not exist, then Indicates that the encrypted string has not been used. In this case, verify that the encrypted string is successful.
  • the server decrypts the private key and the decryption method agreed upon by the login device. If the decryption is unsuccessful, the encryption string verification fails. If the decryption is successful, it is determined whether the timestamp obtained after decryption, the specific registered account number and the account information are complete, and the timestamp, the specific registered account and the account number. When the information is complete, it is determined that the encrypted string is verified.
  • the verification process needs to be performed after the verification of the third step above.
  • the time stamp provided by the server will have an expiration date. For example, the validity period is 5 minutes. In this case, check whether the timestamp carried in the encrypted string has exceeded 5 minutes. If it is not exceeded, the timestamp has not expired, that is, the verification is passed. Otherwise, the timestamp has expired. Failure, that is, the verification does not pass.
  • the account information carried in the encrypted string includes at least two parts of the cookieQ string and the cookie T string of the logged-in account. If the account information carried in the encrypted string is valid, the implementation of the cookieQ includes the basic account corresponding to the logged-in account. The information is verified and encrypted, and the encryption result is compared with the cookieT. When the comparison is the same, the account information carried in the encrypted string is valid, that is, the verification is passed, otherwise the account information carried in the encrypted string is invalid, that is, the school The test will not pass.
  • the verification process also needs to be performed after the third step of the above verification, and at this time, the account information is The user account included in the cookieQ string is compared with the user account that has been decrypted. If the comparison is the same, the account information carried in the encrypted string is correct and the check is passed. Otherwise, the account information carried in the encrypted string is incorrect. The verification does not pass.
  • step S209 is continued to generate a cookie encryption string corresponding to the registered account selected by the user, and return it to the login device.
  • the cookie encryption string is generated according to the selected login account selected by the user, and the cookie encryption string is valid for a preset time. For example, the server sets the cookie encryption string to be valid for 10 minutes, and expires.
  • step S210 is performed, that is, the cookie encryption string is set to log in to the specified domain name, and the specified domain name is registered by using the cookie encryption string.
  • the valid time is set for the server, so that the specific script of the browser can automatically save the setting of the cookie encryption string within the valid time, that is, The login device automatically logs in to the specified domain name using the login account selected by the user within the valid time.
  • the server marks the encrypted string as used and stores it in the Memcache.
  • the embodiment of the invention provides a method for the user to log in.
  • the user can add the plug-in for the browser to detect the account information that the user logs in to the local client, and remind the user that the local device exists.
  • the account information the user can select the account to log in to the designated domain name website, thereby eliminating the step of inputting the account password again, simplifying the user operation and having a better user experience.
  • the account information of the user is written into the shared memory in advance, and the access restriction is performed on the data stored in the shared memory, and only the legal plug-in is allowed to be called, thereby preventing the user account information from being acquired by the malicious program, and increasing The security of the user's account information.
  • the plug-in provided by the embodiment of the present invention verifies the Microsoft digital signature of the loading process before acquiring the account information of the user, so as to ensure that the plug-in is invoked by the malicious program, and the account information of the user is leaked.
  • the browser plug-in provided by the embodiment of the present invention displays an avatar corresponding to the user's account when displaying the account list that the user has logged in on the local client, so that the user can more easily identify the account and help improve. user experience.
  • the account information is encrypted and transmitted by the encryption algorithm, and the timestamp information is added, thereby increasing the security of the user account verification. Avoid being intercepted by illegal hackers and causing loss to users.
  • FIG. 4 is a structural block diagram of a user login device according to an embodiment of the present invention.
  • the device 400 includes:
  • the memory 410 is configured to store the currently registered account and account information of the user at each client;
  • the login list acquirer 420 is coupled to the memory 410 and configured to acquire the logged-in account of each client corresponding to the specified domain name from the memory, and generate a login list composed of the logged-in account.
  • the information acquirer 430 is coupled to the memory 410 and the login list acquirer 420, and configured to acquire the account information of the specific registered account from the memory 410 according to the specific registered account in the login list;
  • the account registrar 440 is coupled to the information acquirer 430 and configured to log in to the designated domain name using the acquired account information.
  • the login list acquirer 420 includes:
  • the plug-in detecting unit 421 is configured to detect whether a browser plug-in corresponding to the specified domain name is installed;
  • the account reading unit 422 is configured to, when the plug-in detecting unit 421 detects that the browser plug-in is installed, invoke the browser plug-in to obtain the registered account of each client corresponding to the specified domain name;
  • the list generating unit 423 is configured to generate a login list composed of the registered accounts.
  • the login list includes an identifier of the logged in account and/or an avatar corresponding to the logged in account.
  • the information acquirer 430 is further configured to encrypt the particular logged in account information.
  • the information acquirer 430 includes:
  • the timestamp obtaining unit 431 is configured to acquire a current timestamp.
  • the encryption processing unit 432 is configured to encrypt the time stamp, the specific registered account, and the account information by using a preset encryption rule to generate an encrypted character string.
  • the encryption processing unit 432 is further configured to generate an encrypted string as follows:
  • the timestamp, the specific logged-in account, and the account information thereof are spliced in a preset order to obtain a spliced string;
  • the spliced string is encrypted by using a preset encryption rule and a predetermined encryption key to generate an encrypted string.
  • the account registrar 440 includes:
  • the data sending unit 441 is configured to send the encrypted string to the server for verification by using a hypertext transfer protocol (HTTP);
  • HTTP hypertext transfer protocol
  • the data receiving unit 442 is configured to receive a cookie encryption string returned by the server, where the cookie encryption string corresponds to a specific logged-in account, and is generated by the server after verifying that the encrypted string is passed;
  • the login setting unit 443 is configured to set a cookie encryption string for logging in the specified domain name and using the cookie The encrypted string is logged in to the specified domain name.
  • the login setting unit 443 is further configured to set a cookie encryption string for logging in the specified domain name within a preset time, and log in to the specified domain name by using a cookie encryption string.
  • condition that the encrypted string is verified by the server includes at least one of the following:
  • the encrypted string comes from the specified domain name
  • the encrypted string has not been used
  • the encrypted string is successfully decrypted, and the timestamp, specific registered account, and account information carried are complete;
  • the timestamp carried in the encrypted string has not expired.
  • the account information carried in the encrypted string is valid.
  • the user account in the account information carried in the encrypted string is the same as the registered account selected by the user.
  • the account information stored in the memory 410 includes at least two parts: a cookieQ string and a cookie T string of the logged-in account, the cookieQ string includes basic information corresponding to the logged-in account, and the cookie T string includes a check character generated by encrypting the basic information. .
  • FIG. 5 is a structural diagram of a user login system according to an embodiment of the present invention.
  • the system 500 includes the user login device 400, and further includes a server 600 for verification.
  • An embodiment of the present invention provides a user login device and a system.
  • the user can detect the account that the user logs in to the local client by adding a plug-in to the browser.
  • the information reminds the user of the existing account information, and the user can select the account to log in to the designated domain name website, thereby eliminating the step of inputting the account password again, simplifying the user operation and having a better user experience.
  • numerous specific details are set forth. However, it is understood that the embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures, and techniques are not shown in detail so as not to obscure the understanding of the description.
  • modules in the devices of the embodiments can be adaptively changed and placed in one or more devices different from the embodiment.
  • Modules or units or components in an embodiment may be combined into one module or unit or component, and in addition, they may be divided into multiple sub- Module or subunit or subcomponent.
  • any combination of the features disclosed in the specification, including the accompanying claims, the abstract and the drawings, and any methods so disclosed, or All processes or units of the device are combined.
  • Each feature disclosed in this specification (including the accompanying claims, the abstract and the drawings) may be replaced by alternative features that provide the same, equivalent or similar purpose.
  • the various component embodiments of the present invention may be implemented in hardware, or in a software module running on one or more processors, or in a combination thereof.
  • a microprocessor or digital signal processor may be used in practice to implement some or all of the functionality of some or all of the components of the user login device and user login system in accordance with embodiments of the present invention.
  • the invention can also be implemented as a device or device program (e.g., a computer program and a computer program product) for performing some or all of the methods described herein.
  • a program implementing the invention may be stored on a computer readable medium or may be in the form of one or more signals. Such signals may be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
  • FIG. 6 illustrates a computing device, such as a personal computer or the like, that can implement a user login method in accordance with the present invention.
  • the computing device conventionally includes a processor 810 and a computer program product or computer readable medium in the form of a memory 820.
  • the memory 820 may be an electronic memory such as a flash memory, an EEPROM (Electrically Erasable Programmable Read Only Memory), an EPROM, a hard disk, or a ROM.
  • Memory 820 has a memory space 830 for program code 831 for performing any of the method steps described above.
  • storage space 830 for program code may include various program code 831 for implementing various steps in the above methods, respectively.
  • the program code can be read from or written to one or more computer program products.
  • Such computer program products include program code carriers such as hard disks, compact disks (CDs), memory cards or floppy disks.
  • Such a computer program product is typically a portable or fixed storage unit as described with reference to FIG.
  • the storage unit may have storage segments, storage spaces, and the like that are similarly arranged to memory 820 in the computing device of FIG.
  • the program code can be compressed, for example, in an appropriate form.
  • the storage unit includes computer readable code 831', ie, code readable by a processor, such as 810, that when executed by a computing device causes the computing device to perform each of the methods described above step.
  • one embodiment means The specific features, structures, or characteristics described in connection with the embodiments are included in at least one embodiment of the invention.
  • the phrase “in one embodiment” is not necessarily referring to the same embodiment.

Abstract

Provided in the present invention are a method, device, and system for user login. The method comprises: acquiring logged-in accounts of clients corresponding to a designated domain name, generating a login list consisting of the logged-in accounts; acquiring, on the basis of a specific logged-in account in the login list, account information of the specific logged-in account; and, utilizing the acquired account information to log in to the designated domain name. By means of the present invention, when a user is logging in to the designated domain name, the account information logged-in to a local client by the user can be detected and acquired by adding a plug-in for a browser, the user is prompted that the account information is present locally, the user can select among the accounts to log in to the designated website, thus obviating a step of re-entering an account password, simplifying user operations, and providing improved user experience.

Description

用户登录的方法、设备及系统User login method, device and system 技术领域Technical field
本发明涉及互联网技术领域,特别是涉及一种用户登录的方法、设备及系统。The present invention relates to the field of Internet technologies, and in particular, to a method, device, and system for user login.
背景技术Background technique
目前,随着各种互联网信息化的普及和贯通,用户所使用的各种软件、网站等也都有互联的趋势。并且,随着各软件开发商的业务的横向发展,其通常不但会提供给用户各种客户端工具,还同时会提供给用户各种网站服务。为了更方便于用户享受其提供的服务,通常会发生同时登陆行为。At present, with the popularization and penetration of various Internet informationization, various softwares and websites used by users also have a tendency to connect. Moreover, with the horizontal development of the software developers' businesses, they will not only provide users with various client tools, but also provide users with various website services. In order to make it easier for users to enjoy the services they provide, simultaneous login behavior usually occurs.
例如,用户可能在本地运行即时通信软件、优化软件、安全工具、浏览器等,且为了得到更好的用户体验,都要求用户登录其账号。For example, users may run instant messaging software, optimization software, security tools, browsers, etc. locally, and require users to log in to their accounts in order to get a better user experience.
而在这时,由于用户的多客户端登录,用户在登录与这些客户端软件对应的网站时,却仍然需要输入相同的账号和密码,重复的登录行为,导致用户操作繁琐、体验差。At this time, due to the multi-client login of the user, when the user logs in to the website corresponding to the client software, the user still needs to input the same account number and password, and the repeated login behavior causes the user operation to be cumbersome and the experience is poor.
因此,目前对于一些域名的网站登录时,存在如下缺点:Therefore, at present, for some domain name websites, there are the following disadvantages when logging in:
网站与本地的客户端之间缺少贯通,虽然客户端已保持登录状态,但是访问相关网站时,仍需重复登录,操作繁琐,导致用户体验差。There is a lack of connectivity between the website and the local client. Although the client has been logged in, but the related website is still required to log in repeatedly, the operation is cumbersome and the user experience is poor.
发明内容Summary of the invention
鉴于上述问题,提出了本发明以便提供一种克服上述问题或者至少部分地解决上述问题的适于用户登录的方法、设备及系统。In view of the above problems, the present invention has been made in order to provide a method, apparatus and system suitable for user login that overcomes the above problems or at least partially solves the above problems.
依据本发明的一个方面,提供一种用户登录方法,包括:获取与指定域名对应的各客户端的已登录账号,生成由已登录账号组成的登录列表;根据登录列表中的特定已登录账号,获取特定已登录账号的账号信息;利用所获取的账号信息登录指定域名。According to an aspect of the present invention, a user login method is provided, including: acquiring a logged-in account of each client corresponding to a specified domain name, generating a login list composed of the logged-in account; obtaining according to a specific logged-in account in the login list The account information of the specific registered account; use the obtained account information to log in to the specified domain name.
依据本发明的一个方面,还提供了一种用户登录设备,其包括:存储器,配置为存储用户当前在各客户端的已登录账号及账号信息;登录列表获取器,配置为从存储器中获取与指定域名对应的各客户端的已登录账号,生成由已登录账号组成的登录列表;信息获取器,配置为根据登录列表中的特定已登录账号,在存储器中获取特定已登录账号的账号信息;账号登录器,配置为利用所获取的账号信息登录指 定域名。According to an aspect of the present invention, a user login device is further provided, comprising: a memory configured to store a registered account and account information of a user currently in each client; a login list acquirer configured to obtain and specify from a memory The login account of each client corresponding to the domain name generates a login list composed of the logged-in account; the information acquirer is configured to obtain the account information of the specific logged-in account in the memory according to the specific logged-in account in the login list; , configured to use the obtained account information to log in Domain name.
依据本发明的一个方面,还提供一种用户登录系统,包括上述用户登录设备,还包括用于校验的服务器。According to an aspect of the present invention, a user login system is further provided, including the user login device described above, and a server for verification.
根据本发明的再一个方面,提供了一种计算机程序,其包括计算机可读代码,当所述计算机可读代码在计算设备上运行时,导致所述计算设备执行前述的用户登录方法。According to still another aspect of the present invention, a computer program is provided comprising computer readable code that, when executed on a computing device, causes the computing device to perform the aforementioned user login method.
根据本发明的再一个方面,提供了一种计算机可读介质,其中存储了前述的计算机程序。According to still another aspect of the present invention, a computer readable medium storing the aforementioned computer program is provided.
本发明提供了一种用户登录的方法、设备及系统,通过本发明,能够在用户在对指定域名进行登录时,可以通过为浏览器增加插件来检测得到用户在本地的客户端中登录的账号信息,提醒用户本地已存在的账号信息,用户可以选择其中的账户进行指定域名网站的登录,从而省去了再次输入账号密码的步骤,简化了用户操作,具有更好的用户体验。The present invention provides a method, a device, and a system for logging in a user. When the user logs in to a specified domain name, the user can detect the account that the user logs in to the local client by adding a plug-in to the browser. The information reminds the user of the existing account information, and the user can select the account to log in to the designated domain name website, thereby eliminating the step of inputting the account password again, simplifying the user operation and having a better user experience.
上述说明仅是本发明技术方案的概述,为了能够更清楚了解本发明的技术手段,而可依照说明书的内容予以实施,并且为了让本发明的上述和其它目的、特征和优点能够更明显易懂,以下特举本发明的具体实施方式。The above description is only an overview of the technical solutions of the present invention, and the above-described and other objects, features and advantages of the present invention can be more clearly understood. Specific embodiments of the invention are set forth below.
附图说明DRAWINGS
通过阅读下文优选实施方式的详细描述,各种其他的优点和益处对于本领域普通技术人员将变得清楚明了。附图仅用于示出优选实施方式的目的,而并不认为是对本发明的限制。而且在整个附图中,用相同的参考符号表示相同的部件。在附图中:Various other advantages and benefits will become apparent to those skilled in the art from a The drawings are only for the purpose of illustrating the preferred embodiments and are not to be construed as limiting. Throughout the drawings, the same reference numerals are used to refer to the same parts. In the drawing:
图1是根据本发明一个实施例的一种用户登录的方法流程图;1 is a flow chart of a method for user login according to an embodiment of the present invention;
图2是根据本发明一个实施例的一种用户登录的具体方法流程图;2 is a flow chart of a specific method for user login according to an embodiment of the present invention;
图3是根据本发明一个实施例的登录列表的示意图;3 is a schematic diagram of a login list in accordance with one embodiment of the present invention;
图4是根据本发明一个实施例的一种用户登录设备的结构框图;4 is a structural block diagram of a user login device according to an embodiment of the present invention;
图5是根据本发明一个实施例的一种用户登录系统的结构图;以及FIG. 5 is a structural diagram of a user login system according to an embodiment of the present invention;
图6示意性地示出了用于执行根据本发明的用户登录方法的计算设备的框图;以及Figure 6 is a schematic block diagram showing a computing device for performing a user login method in accordance with the present invention;
图7示意性地示出了用于保持或者携带实现根据本发明的用户登录方法的程序代码的存储单元。 Fig. 7 schematically shows a storage unit for holding or carrying program code implementing a user login method according to the present invention.
具体实施方式detailed description
下面将参照附图更详细地描述本公开的示例性实施例。虽然附图中显示了本公开的示例性实施例,然而应当理解,可以以各种形式实现本公开而不应该被这里阐述的实施例所限制。相反,提供这些实施例是为了能够透彻地理解本公开,并且能够将本公开的范围完整的传达给本领域的技术人员。Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While the embodiments of the present invention have been shown in the drawings, the embodiments Rather, these embodiments are provided so that this disclosure will be thoroughly understood, and the scope of the present disclosure can be fully conveyed to those skilled in the art.
实施例一 Embodiment 1
本发明实施例提供了一种用户登录方法。该方法对能够支持用户在不同客户端上登录的设备进行了改进。例如,本实施例中的设备可以为PC(Personal Computer,个人计算机),手机,手持电脑等用户终端设备。The embodiment of the invention provides a user login method. This method improves on devices that support users logging in on different clients. For example, the device in this embodiment may be a user terminal device such as a PC (Personal Computer), a mobile phone, or a handheld computer.
图1是根据本发明一个实施例提供的一种用户登录的方法流程图,该方法包括步骤S102至S106。FIG. 1 is a flowchart of a method for user login according to an embodiment of the present invention, where the method includes steps S102 to S106.
S102,获取与指定域名对应的各客户端的已登录账号,生成由已登录账号组成的登录列表。S102. Acquire a logged-in account of each client corresponding to the specified domain name, and generate a login list composed of the logged-in account.
S104,根据登录列表中的特定已登录账号,获取特定已登录账号的账号信息。本实施例中的特定已登录账号为用户所选中的登录账号。S104. Acquire, according to the specific registered account in the login list, account information of the specific registered account. The specific registered account in this embodiment is the login account selected by the user.
S106,利用所获取的账号信息登录指定域名。S106. Log in to the specified domain name by using the obtained account information.
本发明实施例提供了一种用户登录的方法。通过该方法,在用户在对指定域名进行登录时,可以通过为浏览器增加插件来检测得到用户在本地的客户端中登录的账号信息,提醒用户本地已存在的账号信息,用户可以选择其中的账户进行指定域名网站的登录,从而省去了再次输入账号密码的步骤,简化了用户操作,具有更好的用户体验。The embodiment of the invention provides a method for user login. With this method, when the user logs in to the specified domain name, the user can check the account information of the user in the local client by adding a plug-in to the browser, and remind the user of the existing account information, and the user can select the account information. The account is logged in to the designated domain name website, thereby eliminating the step of re-entering the account password, simplifying the user operation and having a better user experience.
实施例二Embodiment 2
本实施例为上述实施例一的一种具体应用场景,通过本实施例,能够更加清楚、具体地阐述本发明所提供的方法。This embodiment is a specific application scenario of the foregoing first embodiment. Through the embodiment, the method provided by the present invention can be more clearly and specifically illustrated.
需要说明的是,在执行本实施例所提供的方法之前,首先要获取设备中各个客户端(应用与设备上的插件、应用软件等)上用户已登录账号的账号信息,并将这些账号信息写入设备的系统共享内存中,便于后续的信息查找。其中,为了保证数据的安全,账号信息为密文信息,其至少包括已登录账号的cookieQ串和cookieT串两部分,cookieQ串包括已登录账号对应的基本信息,cookieT串包括对基本信息进行加密后生成的校验字符。It should be noted that, before performing the method provided in this embodiment, firstly, the account information of the user's logged-in account on each client (the plug-in, the application software, and the like on the application) is obtained, and the account information is obtained. Write to the device's system shared memory for easy subsequent information lookup. In order to ensure the security of the data, the account information is ciphertext information, which includes at least two parts of the cookieQ string and the cookieT string of the logged-in account, the cookieQ string includes the basic information corresponding to the logged-in account, and the cookieT string includes the encryption of the basic information. The generated check character.
其中,在将每个客户端的已登录账号的账号信息写入到共享内存时,均使用同一个动态链接库进行写入。 Wherein, when the account information of the registered account of each client is written to the shared memory, the same dynamic link library is used for writing.
还需要说明的是,本实施例中,当对不同的客户端进行安装时,同时会为用户安装不同的浏览器插件,在将账号信息写入到共享内存之后,共享内存会对存储的数据进行访问的限制,即共享内存只允许与客户端同时安装的插件(如IE(InternetExplorer)插件和NPAPI(网景插件应用程序编程接口,Netscape Plugin Application Programming Interface)插件)对其进行只读调用。对共享内存数据访问的限制,避免了数据被未知插件恶意调用,从而增加了数据的安全性。It should also be noted that, in this embodiment, when different clients are installed, different browser plug-ins are installed for the user, and after the account information is written to the shared memory, the shared memory will store the data. The limitation of access is that shared memory only allows plug-ins that are installed at the same time as the client (such as the IE (Internet Explorer plug-in) and NPAPI (Netscape Plugin Application Programming Interface) plug-in to make read-only calls. The restriction on shared memory data access prevents data from being maliciously called by unknown plugins, thus increasing data security.
可选地,本实施例中共享内存中的存储格式可以如下:Optionally, the storage format in the shared memory in this embodiment may be as follows:
key1:key1,value1:value1Key1:key1,value1:value1
key1:key1,value1:value1Key1:key1,value1:value1
下面对该方法进行具体介绍,图2是根据本发明一个实施例提供的一种用户登录的具体方法流程图,该方法具体包括步骤S201至210,其具体由支持用户在不同客户端上登录的设备来执行。The method is specifically described below. FIG. 2 is a flowchart of a specific method for user login according to an embodiment of the present invention. The method specifically includes steps S201 to 210, which specifically support users to log in on different clients. The device to execute.
S201,接收来自用户的、访问指定域名的指示。S201. Receive an indication from a user to access a specified domain name.
本实施例中所提及的指示可以由用户在浏览器中输入指定域名之后,点击访问时触发。例如,访问的域名为“axlogin.passport.360.cn”。The indication mentioned in this embodiment may be triggered by the user entering the specified domain name in the browser and clicking on the access. For example, the domain name accessed is "axlogin.passport.360.cn".
在接收到上述指示之后,执行步骤S202。在步骤S202中,获取与指定域名对应的各客户端的已登录账号,生成由已登录账号组成的登录列表。After receiving the above indication, step S202 is performed. In step S202, the registered account of each client corresponding to the specified domain name is acquired, and a login list composed of the registered account is generated.
可选地,本实施例在执行步骤S202时,具体过程可以包括:首先,检测本地是否已安装与指定域名对应的浏览器插件,并当检测到已安装与指定域名对应的浏览器插件时,调用该浏览器插件,获取与指定域名对应的各客户端的已登录账号,最后,生成由已登录账号组成的登录列表。Optionally, when the step S202 is performed, the specific process may include: first, detecting whether a browser plug-in corresponding to the specified domain name is installed locally, and when detecting that the browser plug-in corresponding to the specified domain name is installed, The browser plug-in is invoked to obtain the registered account of each client corresponding to the specified domain name, and finally, a login list composed of the logged-in accounts is generated.
需要说明的是,本实施例中检测本地是否已安装与指定域名对应的浏览器插件的操作是由浏览器的特定脚本来执行的。在该特定脚本检测到已安装与指定域名对应的浏览器插件之后,由该浏览器插件还会进行如下安全检测:第一是验证加载进程文件的微软数字签名是否通过,该项安全检测保证了运行环境的安全。第二是验证当前加载插件的域名是否为指定的域名,例如,如果当前加载插件的域名为“axlogin.passport.360.cn”,则验证通过。It should be noted that, in this embodiment, the operation of detecting whether the browser plug-in corresponding to the specified domain name is installed locally is performed by a specific script of the browser. After the specific script detects that the browser plug-in corresponding to the specified domain name is installed, the browser plug-in also performs the following security detection: the first is to verify whether the Microsoft digital signature of the loading process file is passed, and the security check guarantees The security of the operating environment. The second is to verify whether the domain name of the currently loaded plug-in is a specified domain name. For example, if the domain name of the currently loaded plug-in is "axlogin.passport.360.cn", the verification is passed.
另外,该浏览器插件还会提供了获取与指定域名对应的已登录账号列表的方法,即GetUserList方法。使得上述浏览器的特定脚本能够调用浏览器插件提供的GetUserList方法,检测到用户在各个客户端上已经登录的账号,并在共享内存中获取已登录的账号,并生成已登录账号列表。In addition, the browser plugin also provides a method for obtaining a list of logged-in accounts corresponding to the specified domain name, namely the GetUserList method. The specific script of the browser can be invoked by the GetUserList method provided by the browser plug-in to detect the account that the user has logged in on each client, and obtain the logged-in account in the shared memory, and generate a list of the logged-in accounts.
在生成了已登录账号列表之后,由步骤S203输出所生成的已登录账号列表,供 用户进行选择。本实施例中,输出所生成的已登录账号列表的操作是由上述的特定脚本完成的。After the generated account list is generated, the generated registered account list is outputted by step S203 for The user makes a selection. In this embodiment, the operation of outputting the generated registered account list is performed by the specific script described above.
可选地,当已登录列表中包含了两个或者以上各已登录账号时,为了让用户更直观地看到每个登录账号,特定脚本在显示登录列表时,可以将已登录账号的标识(可以为用户名)或者与已登录账号对应的头像显示给用户,也可以将已登录账号的标识或者与已登录账号对应的头像一同进行显示,这样,更加便于用户对已经登录账号进行区分,以便用户对已登录账号进行选择。本实施例还提供了图3,展示了登录列表的示意图。Optionally, when two or more login accounts are included in the login list, in order to allow the user to more intuitively see each login account, the specific script may display the login account identifier when displaying the login list ( The user name can be displayed to the user, or the avatar corresponding to the logged-in account can be displayed together with the avatar corresponding to the logged-in account, so that the user can distinguish the logged-in account. The user selects the logged in account. This embodiment also provides FIG. 3, which shows a schematic diagram of a login list.
在用户选择了已登录账号之后,执行步骤S204。在步骤S204中,接收来自用户的选择指令,获取其对应的登录列表中的已登录账号,并获取其账号信息。其中,用户可以通过点击图3所示账号头像来选择登录账号。After the user selects the logged in account, step S204 is performed. In step S204, a selection instruction from the user is received, the logged-in account in the corresponding login list is obtained, and the account information is obtained. The user can select the login account by clicking the account avatar shown in FIG. 3.
对于本实施例,还需要提及的是,上述描述了浏览器插件提供了获取与指定域名对应的已登录账号列表的方法,即GetUserList方法。另外,浏览器插件还提供了获取账号信息的方法,即GetCode方法。所以,当用户点击了所选择的账号头像后,由上述浏览器的特定脚本调用GetCode方法来获取用户选择账号的账号信息。For the embodiment, it should also be mentioned that the above description describes that the browser plug-in provides a method for obtaining a list of logged-in accounts corresponding to the specified domain name, that is, the GetUserList method. In addition, the browser plugin also provides a way to get account information, namely the GetCode method. Therefore, when the user clicks on the selected account avatar, the GetCode method is invoked by the specific script of the browser to obtain the account information of the user selected account.
在获取了账号信息之后,继续执行步骤S205。在步骤S205中,将获取到的账号信息进行加密计算,生成加密字符串。After the account information is acquired, step S205 is continued. In step S205, the obtained account information is encrypted and calculated to generate an encrypted character string.
本实施例中,对账号信息进行加密计算的操作也是由浏览器插件提供的GetCode方法来实现的。In this embodiment, the operation of encrypting the account information is also implemented by the GetCode method provided by the browser plug-in.
其中,对账号信息进行加密计算的具体包括如下三个过程:The specific calculation of the account information includes the following three processes:
第一,通过向服务器发送HTTP协议来获取当前的时间戳。本实施例中,服务器能够对外提供精确可信的时间戳服务,它采用精确的时间源、高强度高标准的安全机制,以确认系统处理数据在某一时间的存在性和相关操作的相对时间顺序,为信息系统中的时间防抵赖提供基础服务。First, the current timestamp is obtained by sending an HTTP protocol to the server. In this embodiment, the server can provide an accurate and reliable time stamp service externally, and adopts a precise time source, high strength and high standard security mechanism to confirm the existence of the system processing data at a certain time and the relative time of related operations. The order provides the basic services for time non-repudiation in the information system.
第二,将所获取的时间戳、用户选择的已登录账号及其账号信息按照预设顺序进行拼接,得到拼接字符串。可选地,本实施例可以将上述信息按照如下顺序进行拼接,即时间戳、用户选择的已登录账号、账号信息中的cookieQ值、账号信息中的cookieT值。Secondly, the obtained timestamp, the logged-in account selected by the user, and the account information thereof are spliced in a preset order to obtain a spliced string. Optionally, in this embodiment, the foregoing information may be spliced in the following order, that is, a timestamp, a logged-in account selected by the user, a cookie Q value in the account information, and a cookie T value in the account information.
第三,采用预设加密规则和预定加密密钥对拼接字符串进行加密,生成加密字符串。其中,预设加密密钥为服务器与登录设备之间约定好的固定公钥,上述的预设加密规则可以为AESECB256加密和BASE64编码,即对使用上述公钥对拼接字符串进行加密,并对其执行BASE64_ENCODE编码操作。 Third, the spliced string is encrypted by using a preset encryption rule and a predetermined encryption key to generate an encrypted string. The preset encryption key is a fixed public key agreed between the server and the login device, and the foregoing preset encryption rule may be AESCB256 encryption and BASE64 encoding, that is, the spliced string is encrypted by using the public key, and It performs the BASE64_ENCODE encoding operation.
接着,执行步骤S206,将生成的加密字符串发送给服务器。可选地,可以通过HTTP协议将生成的加密字符串发送给服务器。Next, step S206 is executed to send the generated encrypted character string to the server. Optionally, the generated encrypted string can be sent to the server through the HTTP protocol.
服务器在接收到登录设备发送的加密字符串之后,执行步骤S207。在步骤S207中,由服务器对加密字符串进行校验,并判断是否通过。若校验不通过,则执行步骤S208,即停止操作或者向登录设备返回验证失败的响应,若校验成功,则执行步骤S209。After receiving the encrypted character string sent by the login device, the server performs step S207. In step S207, the encrypted character string is checked by the server and judged whether it has passed. If the verification fails, step S208 is executed, that is, the operation is stopped or the response to the verification failure is returned to the login device. If the verification is successful, step S209 is performed.
本实施例中,服务器对加密字符串进行校验的方式包括:In this embodiment, the method for the server to verify the encrypted string includes:
第一,校验加密字符串是否来自于指定域名。例如,当加密字符串来自于指定域名“axlogin.passport.360.cn”时,则校验成功。First, verify that the encrypted string is from the specified domain name. For example, when the encrypted string comes from the specified domain name "axlogin.passport.360.cn", the verification is successful.
第二,校验加密字符串是否使用过。本实施例中,将正确的加密字符串整体存储至Memcache中,并记录已经使用过。每次校验加密字符串是否使用过时,会校验加密字符串是否已经存在于Memcache中,若存在,则说明该加密字符串已经被使用过,此时,系统拒绝访问,若未存在,则说明该加密字符串未被使用过,此时,校验加密字符串成功。Second, verify that the encrypted string has been used. In this embodiment, the correct encrypted string is stored in the Memcache as a whole, and the record has been used. Each time the encrypted string is checked for elapsed time, it will check whether the encrypted string already exists in Memcache. If it exists, it indicates that the encrypted string has been used. At this time, the system refuses to access. If it does not exist, then Indicates that the encrypted string has not been used. In this case, verify that the encrypted string is successful.
第三,校验加密字符串是否解密成功,且携带的时间戳、特定已登录账号和账号信息完整。本实施例中,服务器在接收到加密字符串后,采用与登录设备约定的私钥以及解密方式对其进行解密。若解密不成功,则说明加密字符串校验失败,若解密成功,则判断解密后得到的时间戳、特定已登录账号和账号信息是否是完整的,且当时间戳、特定已登录账号和账号信息完整时,确定加密字符串校验通过。Third, verify that the encrypted string is successfully decrypted, and that the carried timestamp, the specific registered account, and the account information are complete. In this embodiment, after receiving the encrypted character string, the server decrypts the private key and the decryption method agreed upon by the login device. If the decryption is unsuccessful, the encryption string verification fails. If the decryption is successful, it is determined whether the timestamp obtained after decryption, the specific registered account number and the account information are complete, and the timestamp, the specific registered account and the account number. When the information is complete, it is determined that the encrypted string is verified.
第四,校验加密字符串中携带的时间戳是否过期。该校验过程需要在上述第三步校验通过后执行,通常,为了增加安全性,服务器提供的时间戳都会具有有效期限。例如,有效期限为5分钟,此时,校验加密字符串中携带的时间戳是否已经超过了5分钟,若未超出,则说明时间戳未过期,即通过校验,否则说明时间戳已过期失效,即校验不通过。Fourth, verify that the timestamp carried in the encrypted string is out of date. The verification process needs to be performed after the verification of the third step above. Generally, in order to increase security, the time stamp provided by the server will have an expiration date. For example, the validity period is 5 minutes. In this case, check whether the timestamp carried in the encrypted string has exceeded 5 minutes. If it is not exceeded, the timestamp has not expired, that is, the verification is passed. Otherwise, the timestamp has expired. Failure, that is, the verification does not pass.
第五,校验加密字符串中携带的账号信息是否有效。该校验过程也需要在上述第三步校验通过后执行。上述已经说明,账号信息至少包括已登录账号的cookieQ串和cookieT串两部分,本实施在校验加密字符串中携带的账号信息是否有效时,则将cookieQ串中所包括已登录账号对应的基本信息进行校验加密,并将加密结果与cookieT进行比较,当比较相同时,说明加密字符串中携带的账号信息有效,即校验通过,否则说明加密字符串中携带的账号信息无效,即校验不通过。Fifth, verify that the account information carried in the encrypted string is valid. The verification process also needs to be performed after the verification of the third step above. As described above, the account information includes at least two parts of the cookieQ string and the cookie T string of the logged-in account. If the account information carried in the encrypted string is valid, the implementation of the cookieQ includes the basic account corresponding to the logged-in account. The information is verified and encrypted, and the encryption result is compared with the cookieT. When the comparison is the same, the account information carried in the encrypted string is valid, that is, the verification is passed, otherwise the account information carried in the encrypted string is invalid, that is, the school The test will not pass.
第六,校验加密字符串中携带的账号信息中的用户账号与用户选择的已登录账号是否相同。该校验过程也需要在上述第三步校验通过后执行,此时,将账号信息 cookieQ串中包括的用户账号与解密得到的用户已登录账号进行比较,当比较相同时,说明加密字符串中携带的账号信息正确,校验通过,否则说明加密字符串中携带的账号信息不正确,校验不通过。Sixth, it is verified whether the user account in the account information carried in the encrypted string is the same as the registered account selected by the user. The verification process also needs to be performed after the third step of the above verification, and at this time, the account information is The user account included in the cookieQ string is compared with the user account that has been decrypted. If the comparison is the same, the account information carried in the encrypted string is correct and the check is passed. Otherwise, the account information carried in the encrypted string is incorrect. The verification does not pass.
当对加密字符串校验成功后,继续执行步骤S209,生成与用户选择的已登录账号对应的cookie加密串,并将其返回给登录设备。After the verification of the encrypted string is successful, step S209 is continued to generate a cookie encryption string corresponding to the registered account selected by the user, and return it to the login device.
其中,该cookie加密串根据用户选择的已登录账号生成,并且该cookie加密串在预设时间内有效,例如,服务器将cookie加密串设置为10分钟有效,过期则失效。The cookie encryption string is generated according to the selected login account selected by the user, and the cookie encryption string is valid for a preset time. For example, the server sets the cookie encryption string to be valid for 10 minutes, and expires.
登录设备接收服务器返回的cookie加密串后执行步骤S210,即设置cookie加密串用于登录指定域名,并利用cookie加密串对指定域名进行登录。After the login device receives the cookie encryption string returned by the server, step S210 is performed, that is, the cookie encryption string is set to log in to the specified domain name, and the specified domain name is registered by using the cookie encryption string.
本实施例中,步骤S209中已经说明了服务器再返回cookie加密串时,都会为其设置有效时间,所以,上述浏览器的特定脚本可以在该有效时间内自动保存对cookie加密串的设置,即登录设备在有效时间内自动使用该用户选择的登录账号对指定域名进行登录。In this embodiment, when the server returns to the cookie encryption string in step S209, the valid time is set for the server, so that the specific script of the browser can automatically save the setting of the cookie encryption string within the valid time, that is, The login device automatically logs in to the specified domain name using the login account selected by the user within the valid time.
需要说明的是,本实施例中,在登录设备已经使用该用户选择的登录账号对指定域名进行登录之后,服务器会将加密串字符串标记为已使用,并将其储至Memcache中。It should be noted that, in this embodiment, after the login device has logged in to the specified domain name using the login account selected by the user, the server marks the encrypted string as used and stores it in the Memcache.
本发明实施例提供了一种用户登录的方法,在用户在对指定域名进行登录时,可以通过为浏览器增加插件来检测得到用户在本地的客户端中登录的账号信息,提醒用户本地已存在的账号信息,用户可以选择其中的账户进行指定域名网站的登录,从而省去了再次输入账号密码的步骤,简化了用户操作,具有更好的用户体验。The embodiment of the invention provides a method for the user to log in. When the user logs in to the specified domain name, the user can add the plug-in for the browser to detect the account information that the user logs in to the local client, and remind the user that the local device exists. The account information, the user can select the account to log in to the designated domain name website, thereby eliminating the step of inputting the account password again, simplifying the user operation and having a better user experience.
进一步地,本发明实施例会预先将用户的账号信息写入共享内存,并对共享内存中存储的数据进行访问限制,只允许合法的插件进行调用,能够避免用户的账号信息被恶意程序获取,增加用户的账号信息的安全性。Further, in the embodiment of the present invention, the account information of the user is written into the shared memory in advance, and the access restriction is performed on the data stored in the shared memory, and only the legal plug-in is allowed to be called, thereby preventing the user account information from being acquired by the malicious program, and increasing The security of the user's account information.
进一步地,本发明实施例所提供的插件在获取用户的账号信息前,会对加载进程的微软数字签名进行验证,以保证插件被恶意程序调用导致用户的账号信息的泄露。Further, the plug-in provided by the embodiment of the present invention verifies the Microsoft digital signature of the loading process before acquiring the account information of the user, so as to ensure that the plug-in is invoked by the malicious program, and the account information of the user is leaked.
进一步地,本发明实施例所提供的浏览器插件,在展示用户已在本地客户端登陆的账号列表时,显示与用户的账号对应的头像,使得用户更加容易辨别自己的账户,有助于提升用户体验。Further, the browser plug-in provided by the embodiment of the present invention displays an avatar corresponding to the user's account when displaying the account list that the user has logged in on the local client, so that the user can more easily identify the account and help improve. user experience.
进一步地,在利用本实施例所提供的插件进行用户账号验证时,账号信息通过加密算法加密后进行传输,且增加时间戳信息,能够增加用户账号验证的安全性, 避免被非法的黑客截取后导致用户的损失。Further, when the user account is verified by using the plug-in provided in this embodiment, the account information is encrypted and transmitted by the encryption algorithm, and the timestamp information is added, thereby increasing the security of the user account verification. Avoid being intercepted by illegal hackers and causing loss to users.
实施例三Embodiment 3
图4是本发明一个实施例提供的一种用户登录设备的结构框图,该设备400包括:FIG. 4 is a structural block diagram of a user login device according to an embodiment of the present invention. The device 400 includes:
存储器410,配置为存储用户当前在各客户端的已登录账号及账号信息;The memory 410 is configured to store the currently registered account and account information of the user at each client;
登录列表获取器420,与存储器410相耦合,配置为从存储器中获取与指定域名对应的各客户端的已登录账号,生成由已登录账号组成的登录列表;The login list acquirer 420 is coupled to the memory 410 and configured to acquire the logged-in account of each client corresponding to the specified domain name from the memory, and generate a login list composed of the logged-in account.
信息获取器430,与存储器410与登录列表获取器420相耦合,配置为根据登录列表中的特定已登录账号,从存储器410中获取特定已登录账号的账号信息;The information acquirer 430 is coupled to the memory 410 and the login list acquirer 420, and configured to acquire the account information of the specific registered account from the memory 410 according to the specific registered account in the login list;
账号登录器440,与信息获取器430相耦合,配置为利用所获取的账号信息登录指定域名。The account registrar 440 is coupled to the information acquirer 430 and configured to log in to the designated domain name using the acquired account information.
可选地,登录列表获取器420包括:Optionally, the login list acquirer 420 includes:
插件检测单元421,配置检测是否已安装与指定域名对应的浏览器插件;The plug-in detecting unit 421 is configured to detect whether a browser plug-in corresponding to the specified domain name is installed;
账号读取单元422,配置为当插件检测单元421检测到已安装该浏览器插件时,调用浏览器插件,获取与指定域名对应的各客户端的已登录账号;The account reading unit 422 is configured to, when the plug-in detecting unit 421 detects that the browser plug-in is installed, invoke the browser plug-in to obtain the registered account of each client corresponding to the specified domain name;
列表生成单元423,配置为生成由已登录账号组成的登录列表。The list generating unit 423 is configured to generate a login list composed of the registered accounts.
可选地,登录列表包括已登录账号的标识和/或与已登录账号对应的头像。Optionally, the login list includes an identifier of the logged in account and/or an avatar corresponding to the logged in account.
可选地,信息获取器430还配置为对特定已登录账号信息进行加密。Optionally, the information acquirer 430 is further configured to encrypt the particular logged in account information.
可选地,信息获取器430包括:Optionally, the information acquirer 430 includes:
时间戳获取单元431,配置为获取当前时间戳;The timestamp obtaining unit 431 is configured to acquire a current timestamp.
加密处理单元432,配置为采用预设加密规则对时间戳、特定已登录账号及其账号信息进行加密,生成加密字符串。The encryption processing unit 432 is configured to encrypt the time stamp, the specific registered account, and the account information by using a preset encryption rule to generate an encrypted character string.
可选地,加密处理单元432还配置为按照如下方式生成加密字符串:Optionally, the encryption processing unit 432 is further configured to generate an encrypted string as follows:
将时间戳、特定已登录账号及其账号信息按照预设顺序进行拼接,得到拼接字符串;The timestamp, the specific logged-in account, and the account information thereof are spliced in a preset order to obtain a spliced string;
采用预设加密规则和预定加密密钥对拼接字符串进行加密,生成加密字符串。The spliced string is encrypted by using a preset encryption rule and a predetermined encryption key to generate an encrypted string.
可选地,账号登录器440包括:Optionally, the account registrar 440 includes:
数据发送单元441,配置为将加密字符串通过超文本传送协议(HTTP)发送给服务器进行校验;The data sending unit 441 is configured to send the encrypted string to the server for verification by using a hypertext transfer protocol (HTTP);
数据接收单元442,配置为接收服务器返回的cookie加密串,其中,cookie加密串与特定已登录账号对应,且由服务器在校验加密字符串通过后生成;The data receiving unit 442 is configured to receive a cookie encryption string returned by the server, where the cookie encryption string corresponds to a specific logged-in account, and is generated by the server after verifying that the encrypted string is passed;
登录设置单元443,配置为设置cookie加密串用于登录指定域名,并利用cookie 加密串对指定域名进行登录。The login setting unit 443 is configured to set a cookie encryption string for logging in the specified domain name and using the cookie The encrypted string is logged in to the specified domain name.
可选地,登录设置单元443还配置为在预设时间内设置cookie加密串用于登录指定域名,并利用cookie加密串对指定域名进行登录。Optionally, the login setting unit 443 is further configured to set a cookie encryption string for logging in the specified domain name within a preset time, and log in to the specified domain name by using a cookie encryption string.
可选地,加密字符串通过服务器校验的条件包括下列至少之一:Optionally, the condition that the encrypted string is verified by the server includes at least one of the following:
加密字符串来自指定域名;The encrypted string comes from the specified domain name;
加密字符串未使用过;The encrypted string has not been used;
加密字符串解密成功,且携带的时间戳、特定已登录账号和账号信息完整;The encrypted string is successfully decrypted, and the timestamp, specific registered account, and account information carried are complete;
加密字符串中携带的时间戳未过期;The timestamp carried in the encrypted string has not expired.
加密字符串中携带的账号信息有效;The account information carried in the encrypted string is valid.
加密字符串中携带的账号信息中的用户账号与用户选择的已登录账号相同。The user account in the account information carried in the encrypted string is the same as the registered account selected by the user.
可选地,存储器410中存储的账号信息至少包括已登录账号的cookieQ串和cookieT串两部分,cookieQ串包括已登录账号对应的基本信息,cookieT串包括对基本信息进行加密后生成的校验字符。Optionally, the account information stored in the memory 410 includes at least two parts: a cookieQ string and a cookie T string of the logged-in account, the cookieQ string includes basic information corresponding to the logged-in account, and the cookie T string includes a check character generated by encrypting the basic information. .
图5是本发明一个实施例提供的一种用户登录系统的结构图,该系统500包括上述用户登录设备400,还包括用于校验的服务器600。FIG. 5 is a structural diagram of a user login system according to an embodiment of the present invention. The system 500 includes the user login device 400, and further includes a server 600 for verification.
本发明实施例提供了一种用户登录设备和系统,通过该设备和系统,在用户在对指定域名进行登录时,可以通过为浏览器增加插件来检测得到用户在本地的客户端中登录的账号信息,提醒用户本地已存在的账号信息,用户可以选择其中的账户进行指定域名网站的登录,从而省去了再次输入账号密码的步骤,简化了用户操作,具有更好的用户体验。在此处所提供的说明书中,说明了大量具体细节。然而,能够理解,本发明的实施例可以在没有这些具体细节的情况下实践。在一些实例中,并未详细示出公知的方法、结构和技术,以便不模糊对本说明书的理解。An embodiment of the present invention provides a user login device and a system. When the user logs in to a specified domain name, the user can detect the account that the user logs in to the local client by adding a plug-in to the browser. The information reminds the user of the existing account information, and the user can select the account to log in to the designated domain name website, thereby eliminating the step of inputting the account password again, simplifying the user operation and having a better user experience. In the description provided herein, numerous specific details are set forth. However, it is understood that the embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures, and techniques are not shown in detail so as not to obscure the understanding of the description.
类似地,应当理解,为了精简本公开并帮助理解各个发明方面中的一个或多个,在上面对本发明的示例性实施例的描述中,本发明的各个特征有时被一起分组到单个实施例、图、或者对其的描述中。然而,并不应将该公开的方法解释成反映如下意图:即所要求保护的本发明要求比在每个权利要求中所明确记载的特征更多的特征。更确切地说,如下面的权利要求书所反映的那样,发明方面在于少于前面公开的单个实施例的所有特征。因此,遵循具体实施方式的权利要求书由此明确地并入该具体实施方式,其中每个权利要求本身都作为本发明的单独实施例。Similarly, the various features of the invention are sometimes grouped together into a single embodiment, in the above description of the exemplary embodiments of the invention, Figure, or a description of it. However, the method disclosed is not to be interpreted as reflecting the intention that the claimed invention requires more features than those recited in the claims. Rather, as the following claims reflect, inventive aspects reside in less than all features of the single embodiments disclosed herein. Therefore, the claims following the specific embodiments are hereby explicitly incorporated into the embodiments, and each of the claims as a separate embodiment of the invention.
本领域那些技术人员可以理解,可以对实施例中的设备中的模块进行自适应性地改变并且把它们设置在与该实施例不同的一个或多个设备中。可以把实施例中的模块或单元或组件组合成一个模块或单元或组件,以及此外可以把它们分成多个子 模块或子单元或子组件。除了这样的特征和/或过程或者单元中的至少一些是相互排斥之外,可以采用任何组合对本说明书(包括伴随的权利要求、摘要和附图)中公开的所有特征以及如此公开的任何方法或者设备的所有过程或单元进行组合。除非另外明确陈述,本说明书(包括伴随的权利要求、摘要和附图)中公开的每个特征可以由提供相同、等同或相似目的的替代特征来代替。Those skilled in the art will appreciate that the modules in the devices of the embodiments can be adaptively changed and placed in one or more devices different from the embodiment. Modules or units or components in an embodiment may be combined into one module or unit or component, and in addition, they may be divided into multiple sub- Module or subunit or subcomponent. In addition to such features and/or at least some of the processes or units being mutually exclusive, any combination of the features disclosed in the specification, including the accompanying claims, the abstract and the drawings, and any methods so disclosed, or All processes or units of the device are combined. Each feature disclosed in this specification (including the accompanying claims, the abstract and the drawings) may be replaced by alternative features that provide the same, equivalent or similar purpose.
此外,本领域的技术人员能够理解,尽管在此所述的一些实施例包括其它实施例中所包括的某些特征而不是其它特征,但是不同实施例的特征的组合意味着处于本发明的范围之内并且形成不同的实施例。例如,在下面的权利要求书中,所要求保护的实施例的任意之一都可以以任意的组合方式来使用。In addition, those skilled in the art will appreciate that, although some embodiments described herein include certain features that are included in other embodiments and not in other features, combinations of features of different embodiments are intended to be within the scope of the present invention. Different embodiments are formed and formed. For example, in the following claims, any one of the claimed embodiments can be used in any combination.
本发明的各个部件实施例可以以硬件实现,或者以在一个或者多个处理器上运行的软件模块实现,或者以它们的组合实现。本领域的技术人员应当理解,可以在实践中使用微处理器或者数字信号处理器(DSP)来实现根据本发明实施例的用户登录设备和用户登录系统中的一些或者全部部件的一些或者全部功能。本发明还可以实现为用于执行这里所描述的方法的一部分或者全部的设备或者装置程序(例如,计算机程序和计算机程序产品)。这样的实现本发明的程序可以存储在计算机可读介质上,或者可以具有一个或者多个信号的形式。这样的信号可以从因特网网站上下载得到,或者在载体信号上提供,或者以任何其他形式提供。The various component embodiments of the present invention may be implemented in hardware, or in a software module running on one or more processors, or in a combination thereof. Those skilled in the art will appreciate that a microprocessor or digital signal processor (DSP) may be used in practice to implement some or all of the functionality of some or all of the components of the user login device and user login system in accordance with embodiments of the present invention. . The invention can also be implemented as a device or device program (e.g., a computer program and a computer program product) for performing some or all of the methods described herein. Such a program implementing the invention may be stored on a computer readable medium or may be in the form of one or more signals. Such signals may be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
例如,图6示出了可以实现根据本发明的用户登录方法的计算设备,例如个人计算机等。该计算设备传统上包括处理器810和以存储器820形式的计算机程序产品或者计算机可读介质。存储器820可以是诸如闪存、EEPROM(电可擦除可编程只读存储器)、EPROM、硬盘或者ROM之类的电子存储器。存储器820具有用于执行上述方法中的任何方法步骤的程序代码831的存储空间830。例如,用于程序代码的存储空间830可以包括分别用于实现上面的方法中的各种步骤的各个程序代码831。这些程序代码可以从一个或者多个计算机程序产品中读出或者写入到这一个或者多个计算机程序产品中。这些计算机程序产品包括诸如硬盘,紧致盘(CD)、存储卡或者软盘之类的程序代码载体。这样的计算机程序产品通常为如参考图7所述的便携式或者固定存储单元。该存储单元可以具有与图6的计算设备中的存储器820类似布置的存储段、存储空间等。程序代码可以例如以适当形式进行压缩。通常,存储单元包括计算机可读代码831’,即可以由例如诸如810之类的处理器读取的代码,这些代码当由计算设备运行时,导致该计算设备执行上面所描述的方法中的各个步骤。For example, FIG. 6 illustrates a computing device, such as a personal computer or the like, that can implement a user login method in accordance with the present invention. The computing device conventionally includes a processor 810 and a computer program product or computer readable medium in the form of a memory 820. The memory 820 may be an electronic memory such as a flash memory, an EEPROM (Electrically Erasable Programmable Read Only Memory), an EPROM, a hard disk, or a ROM. Memory 820 has a memory space 830 for program code 831 for performing any of the method steps described above. For example, storage space 830 for program code may include various program code 831 for implementing various steps in the above methods, respectively. The program code can be read from or written to one or more computer program products. These computer program products include program code carriers such as hard disks, compact disks (CDs), memory cards or floppy disks. Such a computer program product is typically a portable or fixed storage unit as described with reference to FIG. The storage unit may have storage segments, storage spaces, and the like that are similarly arranged to memory 820 in the computing device of FIG. The program code can be compressed, for example, in an appropriate form. Typically, the storage unit includes computer readable code 831', ie, code readable by a processor, such as 810, that when executed by a computing device causes the computing device to perform each of the methods described above step.
本文中所称的“一个实施例”、“实施例”或者“一个或者多个实施例”意味 着,结合实施例描述的特定特征、结构或者特性包括在本发明的至少一个实施例中。此外,请注意,这里“在一个实施例中”的词语例子不一定全指同一个实施例。As used herein, "one embodiment", "an embodiment" or "one or more embodiments" means The specific features, structures, or characteristics described in connection with the embodiments are included in at least one embodiment of the invention. In addition, it is noted that the phrase "in one embodiment" is not necessarily referring to the same embodiment.
应该注意的是上述实施例对本发明进行说明而不是对本发明进行限制,并且本领域技术人员在不脱离所附权利要求的范围的情况下可设计出替换实施例。在权利要求中,不应将位于括号之间的任何参考符号构造成对权利要求的限制。单词“包含”不排除存在未列在权利要求中的元件或步骤。位于元件之前的单词“一”或“一个”不排除存在多个这样的元件。本发明可以借助于包括有若干不同元件的硬件以及借助于适当编程的计算机来实现。在列举了若干装置的单元权利要求中,这些装置中的若干个可以是通过同一个硬件项来具体体现。单词第一、第二、以及第三等的使用不表示任何顺序。可将这些单词解释为名称。It is to be noted that the above-described embodiments are illustrative of the invention and are not intended to be limiting, and that the invention may be devised without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as a limitation. The word "comprising" does not exclude the presence of the elements or steps that are not recited in the claims. The word "a" or "an" The invention can be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means can be embodied by the same hardware item. The use of the words first, second, and third does not indicate any order. These words can be interpreted as names.
此外,还应当注意,本说明书中使用的语言主要是为了可读性和教导的目的而选择的,而不是为了解释或者限定本发明的主题而选择的。因此,在不偏离所附权利要求书的范围和精神的情况下,对于本技术领域的普通技术人员来说许多修改和变更都是显而易见的。对于本发明的范围,对本发明所做的公开是说明性的,而非限制性的,本发明的范围由所附权利要求书限定。 In addition, it should be noted that the language used in the specification has been selected for the purpose of readability and teaching, and is not intended to be construed or limited. Therefore, many modifications and changes will be apparent to those skilled in the art without departing from the scope of the invention. The disclosure of the present invention is intended to be illustrative, and not restrictive, and the scope of the invention is defined by the appended claims.

Claims (23)

  1. 一种用户登录方法,包括:A user login method includes:
    获取与指定域名对应的各客户端的已登录账号,生成由已登录账号组成的登录列表;Obtaining the logged in account of each client corresponding to the specified domain name, and generating a login list composed of the logged in account;
    根据所述登录列表中的特定已登录账号,获取所述特定已登录账号的账号信息;Obtaining account information of the specific logged-in account according to the specific logged-in account in the login list;
    利用所获取的账号信息登录所述指定域名。Logging in to the specified domain name using the obtained account information.
  2. 根据权利要求1所述的方法,其中,所述获取与指定域名对应的各客户端的已登录账号,包括:The method of claim 1, wherein the obtaining the logged-in account of each client corresponding to the specified domain name comprises:
    检测是否已安装与所述指定域名对应的浏览器插件;Detecting whether a browser plug-in corresponding to the specified domain name is installed;
    调用所述浏览器插件,获取与所述指定域名对应的各客户端的已登录账号。The browser plug-in is invoked to obtain the logged-in account of each client corresponding to the specified domain name.
  3. 根据权利要求1所述的方法,其中,所述登录列表包括已登录账号的标识和/或与已登录账号对应的头像。The method of claim 1, wherein the login list comprises an identification of the logged in account and/or an avatar corresponding to the logged in account.
  4. 根据权利要求1所述的方法,其中,所述获取特定已登录账号的账号信息,包括:The method of claim 1, wherein the obtaining the account information of the specific logged-in account comprises:
    对所述特定已登录账号信息进行加密。Encrypting the specific registered account information.
  5. 根据权利要求4所述的方法,其中,所述对所述特定已登录获取的账号信息进行加密,包括:The method according to claim 4, wherein the encrypting the account information obtained by the specific login has included:
    获取当前时间戳;Get the current timestamp;
    采用预设加密规则对所述时间戳、特定已登录账号及其账号信息进行加密,生成加密字符串。The time stamp, the specific registered account and the account information thereof are encrypted by using a preset encryption rule to generate an encrypted character string.
  6. 根据权利要求5所述的方法,其中,所述采用预设加密规则对所述时间戳、特定已登录账号及其账号信息进行加密,生成加密字符串,包括:The method according to claim 5, wherein the encrypting the time stamp, the specific registered account and the account information thereof by using a preset encryption rule, and generating an encrypted character string, comprising:
    将所述时间戳、特定已登录账号及其账号信息按照预设顺序进行拼接,得到拼接字符串;The timestamp, the specific logged-in account, and the account information thereof are spliced in a preset order to obtain a spliced string;
    采用预设加密规则和预定加密密钥对所述拼接字符串进行加密,生成加密字符串。 The spliced string is encrypted by using a preset encryption rule and a predetermined encryption key to generate an encrypted string.
  7. 根据权利要求5所述的方法,其中,所述利用所获取的账号信息登录所述指定域名,包括:The method of claim 5, wherein the logging in the specified domain name using the acquired account information comprises:
    将所述加密字符串通过超文本传送协议发送给服务器进行校验;Sending the encrypted string to the server for verification by using a hypertext transfer protocol;
    接收所述服务器返回的cookie加密串,其中,所述cookie加密串与所述特定已登录账号对应,且由所述服务器在校验所述加密字符串通过后生成;以及Receiving a cookie encryption string returned by the server, wherein the cookie encryption string corresponds to the specific logged in account, and is generated by the server after verifying that the encrypted string is passed;
    设置所述cookie加密串用于登录所述指定域名,并利用所述cookie加密串对所述指定域名进行登录。The cookie encryption string is set to log in to the specified domain name, and the specified domain name is logged in by using the cookie encryption string.
  8. 根据权利要求7所述的方法,其中,所述设置所述cookie加密串用于登录所述指定域名,包括:The method of claim 7, wherein said setting said cookie encryption string for logging in said specified domain name comprises:
    在预设时间内设置所述cookie加密串用于登录所述指定域名。The cookie encryption string is set for logging in to the specified domain name within a preset time.
  9. 根据权利要求7所述的方法,其中,所述加密字符串通过所述服务器校验的条件包括下列至少之一:The method of claim 7, wherein the condition that the encrypted string is verified by the server comprises at least one of the following:
    所述加密字符串来自所述指定域名;The encrypted string is from the specified domain name;
    所述加密字符串未使用过;The encrypted string has not been used;
    所述加密字符串解密成功,且携带的所述时间戳、所述特定已登录账号和账号信息完整;The encrypted string is successfully decrypted, and the time stamp, the specific registered account, and the account information carried are complete;
    所述加密字符串中携带的时间戳未过期;The timestamp carried in the encrypted string has not expired;
    所述加密字符串中携带的账号信息有效;The account information carried in the encrypted string is valid;
    所述加密字符串中携带的账号信息中的用户账号与所述用户选择的已登录账号相同。The user account in the account information carried in the encrypted string is the same as the registered account selected by the user.
  10. 根据权利要求1至9中任一项所述的方法,其中,所述账号信息至少包括已登录账号的cookieQ串和cookieT串两部分,所述cookieQ串包括已登录账号对应的基本信息,所述cookieT串包括对所述基本信息进行加密后生成的校验字符。The method according to any one of claims 1 to 9, wherein the account information includes at least two parts of a cookieQ string and a cookie T string of the logged-in account, the cookieQ string including basic information corresponding to the logged-in account, The cookieT string includes a check character generated by encrypting the basic information.
  11. 一种用户登录设备,其包括:A user login device includes:
    存储器,配置为存储用户当前在各客户端的已登录账号及账号信息;a memory configured to store the currently logged in account and account information of each user on the client;
    登录列表获取器,配置为从所述存储器中获取与指定域名对应的各客户端的已登录账号,生成由已登录账号组成的登录列表; The login list acquirer is configured to obtain, from the memory, the logged-in account of each client corresponding to the specified domain name, and generate a login list composed of the logged-in account;
    信息获取器,配置为根据所述登录列表中的特定已登录账号,在所述存储器中获取所述特定已登录账号的账号信息;An information acquirer, configured to acquire account information of the specific logged-in account in the memory according to a specific logged-in account in the login list;
    账号登录器,配置为利用所获取的账号信息登录所述指定域名。The account registrar is configured to log in to the specified domain name by using the obtained account information.
  12. 根据权利要求11所述的设备,其中,所述登录列表获取器包括:The device of claim 11, wherein the login list acquirer comprises:
    插件检测单元,配置检测是否已安装与所述指定域名对应的浏览器插件;a plug-in detecting unit configured to detect whether a browser plug-in corresponding to the specified domain name is installed;
    账号读取单元,配置为当所述插件检测单元检测到已安装该浏览器插件时,调用所述浏览器插件,获取与所述指定域名对应的各客户端的已登录账号;The account reading unit is configured to: when the plug-in detecting unit detects that the browser plug-in is installed, invoke the browser plug-in to obtain a registered account of each client corresponding to the specified domain name;
    列表生成单元,配置为生成由已登录账号组成的登录列表。The list generation unit is configured to generate a login list composed of the registered accounts.
  13. 根据权利要求11所述的设备,其中,所述登录列表包括已登录账号的标识和/或与已登录账号对应的头像。The device according to claim 11, wherein the login list comprises an identifier of the logged in account and/or an avatar corresponding to the logged in account.
  14. 根据权利要求11所述的设备,其中,所述信息获取器还配置为对所述特定已登录账号信息进行加密。The device of claim 11, wherein the information acquirer is further configured to encrypt the particular logged in account information.
  15. 根据权利要求14所述的设备,其中,所述信息获取器包括:The device of claim 14, wherein the information acquirer comprises:
    时间戳获取单元,配置为获取当前时间戳;a timestamp obtaining unit configured to obtain a current timestamp;
    加密处理单元,配置为采用预设加密规则对所述时间戳、特定已登录账号及其账号信息进行加密,生成加密字符串。The encryption processing unit is configured to encrypt the time stamp, the specific registered account, and the account information by using a preset encryption rule to generate an encrypted string.
  16. 根据权利要求15所述的设备,其中,所述加密处理单元还配置为按照如下方式生成加密字符串:The apparatus of claim 15, wherein the encryption processing unit is further configured to generate an encrypted string as follows:
    将所述时间戳、特定已登录账号及其账号信息按照预设顺序进行拼接,得到拼接字符串;The timestamp, the specific logged-in account, and the account information thereof are spliced in a preset order to obtain a spliced string;
    采用预设加密规则和预定加密密钥对所述拼接字符串进行加密,生成加密字符串。The spliced string is encrypted by using a preset encryption rule and a predetermined encryption key to generate an encrypted string.
  17. 根据权利要求15所述的设备,其中,所述账号登录器包括:The device of claim 15, wherein the account registrar comprises:
    数据发送单元,配置为将所述加密字符串通过超文本传送协议发送给服务器进行校验;a data sending unit, configured to send the encrypted string to the server for verification by using a hypertext transfer protocol;
    数据接收单元,配置为接收所述服务器返回的cookie加密串,其中,所述cookie 加密串与所述特定已登录账号对应,且由所述服务器在校验所述加密字符串通过后生成;a data receiving unit, configured to receive a cookie encryption string returned by the server, where the cookie The encrypted string corresponds to the specific registered account, and is generated by the server after verifying that the encrypted string is passed;
    登录设置单元,配置为设置所述cookie加密串用于登录所述指定域名,并利用所述cookie加密串对所述指定域名进行登录。And a login setting unit configured to set the cookie encryption string to log in to the specified domain name, and log in the specified domain name by using the cookie encryption string.
  18. 根据权利要求17所述的设备,其中,所述登录设置单元还配置为在预设时间内设置所述cookie加密串用于登录所述指定域名,并利用所述cookie加密串对所述指定域名进行登录。The device according to claim 17, wherein said login setting unit is further configured to set said cookie encryption string for logging in said designated domain name within a preset time, and encrypting said designated domain name with said cookie Log in.
  19. 根据权利要求17所述的设备,其中,所述加密字符串通过所述服务器校验的条件包括下列至少之一:The apparatus of claim 17, wherein the condition that the encrypted string is verified by the server comprises at least one of the following:
    所述加密字符串来自所述指定域名;The encrypted string is from the specified domain name;
    所述加密字符串未使用过;The encrypted string has not been used;
    所述加密字符串解密成功,且携带的所述时间戳、所述特定已登录账号和账号信息完整;The encrypted string is successfully decrypted, and the time stamp, the specific registered account, and the account information carried are complete;
    所述加密字符串中携带的时间戳未过期;The timestamp carried in the encrypted string has not expired;
    所述加密字符串中携带的账号信息有效;The account information carried in the encrypted string is valid;
    所述加密字符串中携带的账号信息中的用户账号与所述用户选择的已登录账号相同。The user account in the account information carried in the encrypted string is the same as the registered account selected by the user.
  20. 根据权利要求11至19中任一项所述的设备,其中,所述存储器中存储的账号信息至少包括已登录账号的cookieQ串和cookieT串两部分,所述cookieQ串包括已登录账号对应的基本信息,所述cookieT串包括对所述基本信息进行加密后生成的校验字符。The device according to any one of claims 11 to 19, wherein the account information stored in the memory includes at least two parts of a cookieQ string and a cookie T string of the logged-in account, and the cookieQ string includes a basic corresponding to the logged-in account. Information, the cookie T string includes a check character generated by encrypting the basic information.
  21. 一种用户登录系统,包括权利要求11至20中任一项所述的用户登录设备,还包括用于校验的服务器。A user login system, comprising the user login device of any one of claims 11 to 20, further comprising a server for verification.
  22. 一种计算机程序,包括计算机可读代码,当所述计算机可读代码在计算设备上运行时,导致所述计算设备执行根据权利要求1至10中的任一项所述的用户登录方法。 A computer program comprising computer readable code, when the computer readable code is run on a computing device, causing the computing device to perform the user login method of any one of claims 1 to 10.
  23. 一种计算机可读介质,其中存储了如权利要求22所述的计算机程序。 A computer readable medium storing the computer program of claim 22.
PCT/CN2014/086298 2013-11-01 2014-09-11 Method, device, and system for user login WO2015062362A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201310535848.XA CN103647746A (en) 2013-11-01 2013-11-01 User login method, device and system
CN201310535848.X 2013-11-01

Publications (1)

Publication Number Publication Date
WO2015062362A1 true WO2015062362A1 (en) 2015-05-07

Family

ID=50252902

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2014/086298 WO2015062362A1 (en) 2013-11-01 2014-09-11 Method, device, and system for user login

Country Status (2)

Country Link
CN (1) CN103647746A (en)
WO (1) WO2015062362A1 (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110287691A (en) * 2019-05-21 2019-09-27 深圳壹账通智能科技有限公司 Application program login method, device, equipment and storage medium
CN111786932A (en) * 2019-04-04 2020-10-16 阿里巴巴集团控股有限公司 Account login method and device, electronic equipment and computer storage medium
CN112491839A (en) * 2020-11-17 2021-03-12 中国平安人寿保险股份有限公司 Cross-system-based login processing method and device, computer equipment and medium
CN116112247A (en) * 2023-01-17 2023-05-12 广州通则康威智能科技有限公司 CPE management background login method and system based on browser plug-in
CN117151068A (en) * 2023-10-23 2023-12-01 国网浙江省电力有限公司 Digital intelligent financial sharing method and sharing center

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103647746A (en) * 2013-11-01 2014-03-19 北京奇虎科技有限公司 User login method, device and system
CN105472608B (en) * 2014-09-09 2019-01-15 联想(北京)有限公司 A kind of information processing method and the first electronic equipment
CN104392378B (en) * 2014-12-10 2018-02-27 北京京东尚科信息技术有限公司 A kind of article that adds is to the method and system of shopping cart
CN104660589B (en) * 2015-01-20 2021-09-10 中兴通讯股份有限公司 Method, system and terminal for encrypting control and information analysis of information
CN105630302A (en) * 2015-08-07 2016-06-01 宇龙计算机通信科技(深圳)有限公司 User domain switching method, switching system and mobile terminal
CN105577651B (en) * 2015-12-16 2019-04-23 广州酷狗计算机科技有限公司 Service providing method and device
CN106330979B (en) * 2016-11-09 2019-12-17 腾讯科技(深圳)有限公司 Router login method and device
CN109309655B (en) * 2017-07-28 2020-12-04 深圳光峰科技股份有限公司 Stateless communication security signature method, terminal and server
CN108600391A (en) * 2018-05-15 2018-09-28 北京汉能光伏投资有限公司 A kind of method and device of setting head portrait
CN109413105A (en) * 2018-12-12 2019-03-01 深圳市丰巢科技有限公司 A kind of network request processing method, device, computer equipment and storage medium
CN110147658A (en) * 2019-04-16 2019-08-20 平安科技(深圳)有限公司 User information encipher-decipher method, system and computer equipment
CN110602139B (en) * 2019-09-27 2021-08-13 成都九曲互动科技有限公司 Recharge login access method and system based on Tencent cloud

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102215232A (en) * 2011-06-07 2011-10-12 浪潮齐鲁软件产业有限公司 Single sign-on method
CN102291456A (en) * 2011-08-11 2011-12-21 Tcl集团股份有限公司 account number management method, device and system
WO2012015099A1 (en) * 2010-07-29 2012-02-02 주식회사 반딧불 Apparatus and method for providing web service using a single-use secure token
CN103036993A (en) * 2012-12-18 2013-04-10 北京奇虎科技有限公司 Browser client-side and method of achieving website logging
CN103647746A (en) * 2013-11-01 2014-03-19 北京奇虎科技有限公司 User login method, device and system

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101127603B (en) * 2007-08-16 2010-08-04 中兴通讯股份有限公司 A method for single point login of portal website and IMS client
CN101815291A (en) * 2010-03-22 2010-08-25 中兴通讯股份有限公司 Method and system for logging on client automatically
CN103124260B (en) * 2012-12-14 2016-06-29 北京新媒传信科技有限公司 The login method of a kind of Web page and device

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2012015099A1 (en) * 2010-07-29 2012-02-02 주식회사 반딧불 Apparatus and method for providing web service using a single-use secure token
CN102215232A (en) * 2011-06-07 2011-10-12 浪潮齐鲁软件产业有限公司 Single sign-on method
CN102291456A (en) * 2011-08-11 2011-12-21 Tcl集团股份有限公司 account number management method, device and system
CN103036993A (en) * 2012-12-18 2013-04-10 北京奇虎科技有限公司 Browser client-side and method of achieving website logging
CN103647746A (en) * 2013-11-01 2014-03-19 北京奇虎科技有限公司 User login method, device and system

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111786932A (en) * 2019-04-04 2020-10-16 阿里巴巴集团控股有限公司 Account login method and device, electronic equipment and computer storage medium
CN111786932B (en) * 2019-04-04 2023-06-20 阿里巴巴集团控股有限公司 Account login method and device, electronic equipment and computer storage medium
CN110287691A (en) * 2019-05-21 2019-09-27 深圳壹账通智能科技有限公司 Application program login method, device, equipment and storage medium
CN112491839A (en) * 2020-11-17 2021-03-12 中国平安人寿保险股份有限公司 Cross-system-based login processing method and device, computer equipment and medium
CN112491839B (en) * 2020-11-17 2022-10-21 中国平安人寿保险股份有限公司 Cross-system-based login processing method and device, computer equipment and medium
CN116112247A (en) * 2023-01-17 2023-05-12 广州通则康威智能科技有限公司 CPE management background login method and system based on browser plug-in
CN116112247B (en) * 2023-01-17 2024-01-16 广州通则康威科技股份有限公司 CPE management background login method and system based on browser plug-in
CN117151068A (en) * 2023-10-23 2023-12-01 国网浙江省电力有限公司 Digital intelligent financial sharing method and sharing center
CN117151068B (en) * 2023-10-23 2024-01-26 国网浙江省电力有限公司 Digital intelligent financial sharing method and sharing center

Also Published As

Publication number Publication date
CN103647746A (en) 2014-03-19

Similar Documents

Publication Publication Date Title
WO2015062362A1 (en) Method, device, and system for user login
JP6282349B2 (en) Method and system for determining whether a terminal logged into a website is a mobile terminal
US10460097B2 (en) Malicious client detection based on usage of negotiable protocols
JP5329859B2 (en) Method of detecting an illegal SSL certificate / DNS redirect used in a farming / phishing attack
US10164997B2 (en) Security verification by message interception and modification
KR101948721B1 (en) Method and apparatus for examining forgery of file by using file hash value
EP2385679B1 (en) Locally stored phishing countermeasure
KR102182906B1 (en) Securely handling server certificate errors in synchronization communication
WO2015062378A1 (en) User registration method, mobile terminal and server of client application program
US10523699B1 (en) Privilege escalation vulnerability detection using message digest differentiation
US9294479B1 (en) Client-side authentication
US9607145B2 (en) Automated vulnerability and error scanner for mobile applications
CN107733883B (en) Method and device for detecting account numbers registered in batches
US11792221B2 (en) Rest API scanning for security testing
CN104580112A (en) Service authentication method and system, and server
CN103647652B (en) A kind of method for realizing data transfer, device and server
CN113938886A (en) Identity authentication platform test method, device, equipment and storage medium
CN109495458A (en) A kind of method, system and the associated component of data transmission
TWI546698B (en) Login system based on servers, login authentication server, and authentication method thereof
US20230403562A1 (en) Systems and methods for verified communication between mobile applications
US9825971B2 (en) Anonymous server based user settings protection
CN105323287B (en) Third-party application program login method and system
TWM551721U (en) Login system implemented along with a mobile device without password
US20230376953A1 (en) Systems and methods for verified communication between mobile applications
TWI670618B (en) Login system implemented along with a mobile device without password and method thereof

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14858110

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14858110

Country of ref document: EP

Kind code of ref document: A1