WO2020093214A1 - Application program login method, application program login device and mobile terminal - Google Patents

Info

Publication number
WO2020093214A1
Authority
WO
WIPO (PCT)
Prior art keywords
login account
login
mobile terminal
server
account
Prior art date
Application number
PCT/CN2018/114020
Other languages
French (fr)
Chinese (zh)
Inventor
陈岩
Original Assignee
深圳市欢太科技有限公司
Oppo广东移动通信有限公司
Application filed by 深圳市欢太科技有限公司, Oppo广东移动通信有限公司 filed Critical 深圳市欢太科技有限公司
Priority to CN201880097797.8A priority Critical patent/CN112771826B/en
Priority to PCT/CN2018/114020 priority patent/WO2020093214A1/en
Publication of WO2020093214A1 publication Critical patent/WO2020093214A1/en

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40: Network security protocols

Definitions

  • the present application belongs to the field of electronic technology, and particularly relates to an application program login method, an application program login device, a mobile terminal, and a computer-readable storage medium.
  • the user is required to log in to the application first.
  • the commonly used login method is: the user fills in the login account on the login interface (for example, fills in the phone number and SMS verification code), and the application verifies whether the login account filled in by the user is legal; if it is legal, the application is logged in to; otherwise, login to the application is refused.
  • This application provides an application program login method, an application program login device, a mobile terminal, and a computer-readable storage medium, which can improve the security of application program login to a certain extent.
  • the first aspect of this application provides an application login method, which is applied to a mobile terminal and includes:
  • if the judgment result indicates that the login account is a registered account for logging in to the target application, log in to the target application.
  • a second aspect of the present application provides a mobile terminal, including a preset memory, a processor, and a computer program stored in the preset memory and executable on the processor, and the processor implements the following steps when executing the computer program:
  • if the judgment result indicates that the login account is a registered account for logging in to the target application, log in to the target application.
  • the third aspect of the present application provides an application login device, which is applied to a mobile terminal and includes:
  • the account reading module is used to read the login account saved in the memory of the trusted execution environment TEE in the mobile terminal;
  • the account sending module is used to send the above login account to the first server to instruct the first server to perform the judgment whether the above login account is a registered account for logging in to the target application;
  • a result receiving module configured to receive the judgment result returned by the first server
  • the first login module is configured to log in to the target application if the judgment result indicates that the login account is a registered account for logging in to the target application.
  • a fourth aspect of the present application provides a computer-readable storage medium.
  • the computer-readable storage medium stores a computer program, and when the computer program is executed by a processor, the steps of the method of the first aspect described above are implemented.
  • a fifth aspect of the present application provides a computer program product.
  • the computer program product includes a computer program.
  • the computer program is executed by one or more processors, the steps of the method of the first aspect described above are implemented.
  • FIG. 1 is a schematic diagram of an implementation process of an application login method provided in Embodiment 1 of the present application;
  • FIG. 2 is a flowchart of an implementation method for writing a login account to a TEE memory provided by Embodiment 1 of the present application;
  • FIG. 3 is a schematic flowchart of another application login method provided in Embodiment 2 of the present application.
  • FIG. 4 is a schematic structural diagram of an application login device provided in Embodiment 3 of the present application.
  • FIG. 5 is a schematic structural diagram of a mobile terminal provided in Embodiment 4 of the present application.
  • the application program login method provided in the embodiment of the present application is applicable to a mobile terminal.
  • the mobile terminal includes but is not limited to: a smart phone, a palmtop computer, a notebook, a wearable device, and the like.
  • the term “if” may be interpreted as “when” or “once” or “in response to determination” or “in response to detection”, depending on the context.
  • the phrase “if determined” or “if [described condition or event] is detected” can be interpreted, depending on the context, to mean “once determined” or “in response to a determination” or “once [described condition or event] is detected” or “in response to detection of [the described condition or event]”.
  • Embodiment 1 of the present application: the application login method is applied to a mobile terminal in which a target application is installed. Referring to FIG. 1, the application login method in Embodiment 1 of the present application includes:
  • step S101 read the login account saved in the memory of the trusted execution environment TEE in the mobile terminal;
  • the login account described in step S101 is specifically the login account used to log in to the target application.
  • the login account described in step S101 may be a login account in the form of “user name + password”, for example, the user name is sunshine and the password is 12345; or, the login account described in step S101 may also be a phone number, for example, 13588888888; or, it can also be an ID number, for example, 411XXX19950808XXXX.
  • the specific form of the login account is not limited in this application.
  • TEE: Trusted Execution Environment
  • REE: Rich Execution Environment
  • Programs running based on REE will share the same hardware resources when running. Therefore, the data in the program based on REE can be easily stolen.
  • TEE is another operating environment that is different from REE.
  • the hardware resources occupied by TEE code at runtime are completely different from the hardware resources occupied by REE code at runtime: the hardware resources that TEE code can access at runtime are inaccessible to REE code at runtime.
  • the memory of the above-mentioned trusted execution environment TEE is a memory that can only be accessed by TEE code, and programs running based on TEE are often programs specified by the mobile terminal manufacturer. Not every program installed in a mobile terminal can run based on TEE. Therefore, programs running on TEE are less likely to be stolen than programs running on REE.
  • reading and writing data in the TEE memory of the mobile terminal can often only be performed by a program specified by the manufacturer of the mobile terminal, so the data in the TEE memory is difficult for illegal programs to read and difficult for illegal programs to write. Therefore, if the login account of an application is stored in the TEE memory, the login account is very difficult to steal or modify.
  • users are required to actively memorize the login accounts of different applications. Users often record each login account in a paper file or an electronic file. Compared with recording the login account in the TEE memory, this recording method obviously has a lower security level. Therefore, this application provides a more secure way to log in to the account.
  • the login account for logging in to the above target application needs to be stored in the TEE memory of the mobile terminal in advance. Because reading and writing data in the TEE memory can often only be performed by a program specified by the mobile terminal manufacturer, a preset program can be developed in advance in order to write the login account into the TEE memory.
  • the preset program is certified by the mobile terminal manufacturer and can write data to the TEE memory.
  • the user fills in the login account for logging in to the above target application on the interface provided by the preset program. After receiving the login account filled in by the user, the preset program writes it into the TEE memory (through the preset program, any user can be allowed to write data into the TEE memory).
  • after receiving the login account, the preset program first encrypts it, and then the encrypted login account is transferred to the TEE memory, where it is decrypted by a decryption program based on TEE. In this way, the login account is encrypted during the transfer to the TEE memory, so it can be to a certain extent.
  • the preset program may also be a program running based on TEE.
  • in order to write the login account into the TEE memory, in addition to the way in which the user fills in the login account through the above-mentioned preset program, the login account for logging in to the target application can also be written into the TEE memory through the method shown in FIG. 2.
  • the mobile terminal writes the login account for logging in to the target application into the TEE memory by executing steps S201-S203.
  • step S201 sending login account request information to the second server, the login account request information is used to instruct the second server to search for the login account;
  • step S202 receiving the login account feedback information returned by the second server, the login account feedback information includes the login account;
  • step S203 based on the feedback information of the login account, write the login account into the memory of the TEE;
  • the login account for logging in to the target application is saved by the second server, and the mobile terminal communicates with the second server to obtain the login account and writes the acquired login account into the TEE memory.
  • the procedures for implementing the above steps S201-S203 need to write data into the TEE memory, so the procedures for implementing the above steps S201-S203 also need to be authenticated by the mobile terminal manufacturer.
  • the above steps S201-S203 may also be a program running based on TEE; or, in the process of writing the login account into the TEE memory, the login account is encrypted and then decrypted by a decryption program based on TEE. In this way, the login account is encrypted during the transfer to the TEE memory, which can reduce, to a certain extent, the possibility of the login account being stolen by an illegal program while it is being written into the TEE memory.
  • when the mobile terminal obtains the login account for logging in to the target application through the above steps S201-S203, it needs to communicate with the second server. To prevent the data exchanged between the mobile terminal and the second server from being intercepted illegally, the exchanged data can be encrypted.
  • the feedback information of the login account is obtained by the second server through encryption processing using a preset first encryption rule; accordingly, the above step S203 includes: decrypting the feedback information of the login account according to the decryption rule corresponding to the first encryption rule to obtain the login account, and writing the login account into the TEE memory.
  • the step S101 may be executed when the user starts the target application. For example, when the user clicks the icon of the target application on the desktop of the mobile terminal, the mobile terminal executes step S101 to obtain the login account for logging in to the target application saved in the TEE memory. If the login account for logging in to the target application is not obtained from the TEE memory, the user may be reminded to start the preset program, or the mobile terminal may automatically start the preset program, to obtain the login account manually input by the user for logging in to the target application; or the above steps S201-S203 may be performed to obtain the login account for logging in to the target application.
  • step S102 the above login account is sent to the first server to instruct the first server to determine whether the above login account is a registered account for logging in to the target application;
  • the login account read in step S101 is sent to the first server, where the first server may be a server corresponding to the target application, and each registered account for logging in to the target application is stored in the first server.
  • the mobile terminal sends the login account read in step S101 to the first server to instruct the first server to verify the login account, and the first server determines whether the login account is a registered account for logging in to the target application and returns the judgment result to the mobile terminal.
  • this step S102 may include:
  • the encrypted login account is sent to the first server to instruct the first server to determine whether the login account is a registered account for logging in to the target application.
  • step S103 receiving the judgment result returned by the first server
  • step S103 may include: after sending the login account to the first server, detecting whether the judgment result returned by the first server is received within a preset time period (such as 5 milliseconds); if the judgment result returned by the first server is received within the preset time period, the subsequent step S104 is executed; if it is not received within the preset time period, it is judged whether the number of times the login account has been sent to the first server has reached the preset number; if it has not, return to step S102 and send the login account read in step S101 to the first server again; if the preset number has been reached, the user is reminded that the network cannot be connected, so the target application cannot be logged in.
  • step S104 if the result of the determination indicates that the login account is a registered account for logging in to the target application, log in to the target application;
  • if the judgment result returned by the first server indicates that the login account read in step S101 is a registered account for logging in to the target application, the target application is automatically logged in; otherwise, if the judgment result indicates that the login account is not a registered account for logging in to the target application, prompt information is generated, and the prompt information is used to prompt the user that the target application cannot be logged in.
  • the application login method provided in the first embodiment of the present application needs to read the login account saved in the TEE memory. Therefore, the program implementing the steps of the first embodiment can be authenticated by the mobile terminal manufacturer, so that the method provided in the first embodiment of the present application can read data in the TEE memory.
  • the steps described in the first embodiment of the present application can also be completely implemented by the target application, and the mobile terminal can provide the target application with a preset interface function.
  • the target application can call the preset interface function to read data from the TEE memory. Since a program that reads data in the TEE memory must be authenticated by the mobile terminal manufacturer, the developer of the target application must communicate with the mobile terminal manufacturer in advance and apply to call the preset interface function of the mobile terminal, so as to read the data in the TEE memory of the mobile terminal.
  • Embodiment 1 of the present application provides an application login method, which automatically reads the login account from the memory of the trusted execution environment TEE when logging in to the target application, and automatically logs in to the target application when the login account is legal. Because reading and writing data in the TEE memory can often only be performed by a program specified by the mobile terminal manufacturer, the data in the TEE memory is difficult for illegal programs to read (that is, it is difficult to steal) and also difficult for illegal programs to write (even if it is stolen by an illegal user, it is difficult to write it into the TEE memory of the illegal user's mobile terminal), so the login account saved in the TEE memory of the mobile terminal has a high degree of credibility. Once the login account saved in the TEE memory is successfully verified, it largely indicates that the user who uses the target application is a legitimate user (because the login account is saved in the TEE memory, the possibility of the account being stolen is very low, and even if it is stolen, it is difficult to write it into the TEE memory of the mobile terminal of the illegal
  • the login account is easily obtained by illegal users (taking the login method of phone number and SMS verification code as an example, the illegal user can obtain the international mobile user identification code IMSI of the legal user by broadcasting, then obtain the legal user's phone number through the legal user's IMSI, and intercept the SMS verification code, thereby obtaining the legal user's phone number and SMS verification code).
  • the traditional login method requires the user to manually enter the login account, and the manual input process is very unsafe: it is easy for illegal users to use tools such as cameras to steal the user's login account. Therefore, traditional login accounts are more likely to be stolen.
  • the login method provided in this application is more secure than the traditional login method, and can improve the security of login to a certain extent.
  • the login method provided by the present application avoids manually inputting a login account. Therefore, compared with the traditional login method, the user's operation steps can be reduced to a certain extent, and the user experience can be improved.
  • Embodiment 2 of the present application: the following describes another application login method provided in Embodiment 2 of the present application.
  • the application login method is applied to a mobile terminal in which a target application is installed.
  • the login account in the technical solution provided in the first embodiment is specifically limited to the phone number corresponding to the mobile terminal.
  • the application login method in the second embodiment of the present application includes:
  • step S301 obtain the international mobile equipment identification code IMEI of the mobile terminal or the international mobile user identification code IMSI of the SIM card of the user identification module in the mobile terminal;
  • the phone number of the mobile terminal corresponds to the IMEI (International Mobile Equipment Identification) of the mobile terminal or to the IMSI (International Mobile Subscriber Identification Number) of the SIM (Subscriber Identification Module) card installed in the mobile terminal.
  • login account request information is generated according to the IMEI or the IMSI, where the login account request information includes the IMEI or the IMSI;
  • after acquiring the IMEI of the mobile terminal and the IMSI of the SIM card in the mobile terminal, the mobile terminal uses the IMEI or IMSI to generate login account request information.
  • step S303 the above login account request information is sent to the second server, and the login account request information is used to instruct the second server to search for the phone number corresponding to the IMEI or IMSI;
  • the above-mentioned second server may store a preset correspondence table, which records correspondence information between different IMEIs and phone numbers or correspondence information between different IMSIs and phone numbers.
  • after receiving the login account request information, the second server extracts the IMEI or IMSI from the login account request information, searches for the corresponding phone number in the preset correspondence table according to the IMEI or the IMSI, and returns the found phone number to the above mobile terminal.
  • step S304 receiving login account feedback information returned by the second server, the login account feedback information includes the phone number;
  • the communication data between the mobile terminal and the second server may be encrypted.
  • the second server encrypts the login account feedback information to ensure that the phone number in the login account feedback information is not intercepted by illegal users.
  • step S305 according to the login account feedback information, write the phone number into the memory of the trusted execution environment TEE in the mobile terminal;
  • the phone number needs to be written into the TEE memory of the mobile terminal. Therefore, the procedure for implementing the above steps S301-S305 needs to be authenticated by the mobile terminal manufacturer.
  • the login account is stolen by an illegal program.
  • the above steps S301-S305 may be a program running based on TEE; or, in the process of writing the phone number into the TEE memory, the phone number is encrypted and then decrypted by a decryption program based on TEE. In this way, the phone number is encrypted in the process of being transferred to the TEE memory, which can reduce, to a certain extent, the possibility of the login account being stolen by an illegal program while the phone number is being written into the TEE memory.
  • steps S301-S305 are not executed together with the subsequent steps S306-S309 every time.
  • the steps S301-S305 may only be executed when the user changes the phone number. For example, when a trigger signal indicating that the user has completed the replacement of the SIM card is detected, the IMEI of the mobile terminal or the IMSI of the SIM card in the mobile terminal is obtained (for example, when the mobile terminal detects that the user removes the SIM card and inserts a SIM card again, a trigger signal is generated so that the mobile terminal re-acquires the IMEI of the mobile terminal or the IMSI of the replaced SIM card).
  • the IMEI of the mobile terminal may not be bound to the replaced mobile phone number, so the correct phone number may not be obtained through the IMEI of the mobile terminal. Therefore, in order to ensure that the replaced phone number can be obtained through the IMEI when the user replaces the SIM card, the operator should promptly update the correspondence between the IMEI of the mobile terminal and the phone number in the second server before delivering the new SIM card to the user.
  • step S306 read the phone number stored in the memory of the TEE
  • step S307 the above-mentioned phone number is sent to the first server to instruct the first server to perform judgment to determine whether the phone number is a registered account for logging in to the target application;
  • step S308 receive the judgment result returned by the first server
  • step S309 if the result of the determination indicates that the phone number is a registered account for logging in to the target application, log in to the target application.
  • the login method based on the phone number is supported. Therefore, in the second embodiment of the present application, it can be determined whether the phone number of the mobile terminal is the registered account for logging in to the target application, and if yes, log in to the target application.
  • the second embodiment of the present application only restricts the login account to the phone number; apart from that, the above steps S306-S309 are exactly the same as the steps S101-S104 in the first embodiment.
  • the login account described in the first embodiment is limited to the user name and password, it will occupy a large TEE memory space for the following reasons: for the same user, different applications often log in with different user names and passwords, For example, the user name for Huawei's login to WeChat is: xiaoming and the password is: 123, but the user name for logging in to Taobao is: xiaomifeng and the password is: happy123.
  • the account number is limited to the user name and password, which will occupy a large amount of storage space in the TEE memory.
  • the login account in the first embodiment is limited to a phone number.
  • the second embodiment of the present application is the same as the first embodiment, and can also improve the security of login to a certain extent, and can reduce the operation steps of the user when logging in to the application to a certain extent.
  • Embodiment 3 of the present application provides an application program login device.
  • the application program login device is applied to a mobile terminal.
  • the application program login device 400 includes:
  • the account reading module 401 is used to read the login account saved in the memory of the trusted execution environment TEE in the mobile terminal;
  • the account sending module 402 is used to send the login account to the first server to instruct the first server to perform the judgment whether the login account is a registered account for logging in to the target application;
  • a result receiving module 403, configured to receive the judgment result returned by the first server
  • the first login module 404 is configured to log in to the target application if the judgment result indicates that the login account is a registered account for logging in to the target application.
  • the above application login device 400 further includes:
  • the account request module is used to send login account request information to the second server, and the login account request information is used to instruct the second server to search for the login account;
  • An account receiving module configured to receive feedback information of the login account returned by the second server, and the feedback information of the login account includes the login account;
  • the account writing module is configured to write the login account into the TEE memory according to the login account feedback information.
  • the login account feedback information is information obtained by the second server through encryption processing using a preset first encryption rule
  • the account writing module is specifically used to decrypt the login account feedback information according to the decryption rule corresponding to the first encryption rule to obtain the login account and write the login account into the TEE In memory.
  • the login account is a phone number corresponding to the mobile terminal
  • the above account request module includes:
  • An identification code acquiring unit configured to acquire the international mobile equipment identification code IMEI of the mobile terminal or the international mobile user identification code IMSI of the user identification mode SIM card in the mobile terminal;
  • a request information generating unit configured to generate the login account request information according to the IMEI or the IMSI, wherein the login account request information includes the IMEI or the IMSI;
  • the request information sending unit is configured to send the login account request information to the second server, and the login account request information is used to instruct the second server to search for a phone number corresponding to the IMEI or the IMSI.
  • the identification code acquiring unit is specifically configured to: when detecting a trigger signal indicating that the user has completed the replacement of the SIM card, acquire the international mobile equipment identification code IMEI of the mobile terminal or the international mobile user of the SIM card Identification code IMSI.
  • the above account sending module 402 includes:
  • An account encryption unit for encrypting the above login account using a preset second encryption rule to obtain an encrypted login account after the encryption process
  • the encrypted account sending unit is configured to send the encrypted login account to the first server to instruct the first server to determine whether the login account is a registered account for logging in to the target application.
  • the above application login device 400 further includes:
  • the second login module is configured to generate prompt information if the judgment result indicates that the login account is not a registered account for logging in to the target application, and the prompt information is used to prompt the user that the target application cannot be logged in.
  • the account reading module 401 is specifically configured to: when it is detected that the user starts the target application, read the login account saved in the memory of the TEE in the mobile terminal.
  • the account reading module 401 is specifically configured to: when it is detected that the user starts the target application, read the login account saved in the memory of the TEE in the mobile terminal by calling a preset interface function.
  • FIG. 5 is a schematic diagram of a mobile terminal provided in Embodiment 4 of the present application.
  • the mobile terminal 5 of this embodiment includes: a processor 50, a preset memory 51 and a computer program 52 stored in the preset memory 51 and executable on the processor 50.
  • when the processor 50 executes the computer program 52, the steps in the above method embodiments are implemented, for example, steps 101 to 104 shown in FIG. 1.
  • when the processor 50 executes the computer program 52, the functions of the modules/units in the foregoing device embodiments are realized, for example, the functions of the modules 401 to 404 shown in FIG. 4.
  • the computer program 52 may be divided into one or more modules/units, the one or more modules/units are stored in the preset memory 51, and executed by the processor 50 to complete the application.
  • the one or more modules / units may be a series of computer program instruction segments capable of performing specific functions.
  • the instruction segments are used to describe the execution process of the computer program 52 in the mobile terminal 5.
  • the above-mentioned computer program 52 may be divided into an account reading module, an account sending module, a result receiving module, and a first login module.
  • the specific functions of each module are as follows:
  • if the judgment result indicates that the login account is a registered account for logging in to the target application, log in to the target application.
  • the above mobile terminal may include, but is not limited to, the processor 50 and the preset memory 51.
  • FIG. 5 is only an example of the mobile terminal 5 and does not constitute a limitation on the mobile terminal 5, and may include more or fewer components than those illustrated, or combine certain components, or different components.
  • the above mobile terminal may further include input and output devices, network access devices, buses, and the like.
  • the so-called processor 50 may be a central processing unit (Central Processing Unit, CPU), or other general-purpose processors, digital signal processors (Digital Signal Processor, DSP), application specific integrated circuits (Application Specific Integrated Circuit, ASIC), Field-programmable gate array (Field-Programmable Gate Array, FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc.
  • the general-purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
  • the preset memory 51 may be an internal storage unit of the mobile terminal 5, such as a hard disk or a memory of the mobile terminal 5.
  • the preset memory 51 may also be an external storage device of the mobile terminal 5, such as a plug-in hard disk equipped on the mobile terminal 5, a smart memory card (Smart Media Card, SMC), a secure digital (SD) card, a flash card (Flash Card), etc.
  • the preset memory 51 may also include both the internal storage unit of the mobile terminal 5 and an external storage device.
  • the preset memory 51 is used to store the computer program and other programs and data required by the mobile terminal.
  • the preset memory 51 can also be used to temporarily store data that has been output or is to be output.
  • each functional unit and module is used as an example for illustration.
  • the above-mentioned functions may be allocated to different functional units and modules for completion, which means that the internal structure of the above device is divided into different functional units or modules to complete all or part of the functions described above.
  • the functional units and modules in the embodiments may be integrated into one processing unit, or each unit may exist alone physically, or two or more units may be integrated into one unit.
  • the above integrated unit may be implemented in the form of hardware, or in the form of software functional units.
  • the specific names of each functional unit and module are only for the purpose of distinguishing each other, and are not used to limit the protection scope of the present application.
  • the disclosed device and method may be implemented in other ways.
  • the system embodiments described above are only schematic.
  • the division of the above-mentioned modules or units is only a division of logical functions.
  • there may be other divisions, for example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not implemented.
  • the displayed or discussed mutual coupling or direct coupling or communication connection may be indirect coupling or communication connection through some interfaces, devices or units, and may be in electrical, mechanical or other forms.
  • the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, they may be located in one place or may be distributed on multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
  • if the above integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium.
  • the present application can implement all or part of the processes in the methods of the above embodiments, and can also be completed by instructing relevant hardware through a computer program.
  • the above computer program can be stored in a computer-readable storage medium, and when the computer program is executed by the processor, the steps of the foregoing method embodiments may be implemented.
  • the above-mentioned computer program includes computer program code, and the above-mentioned computer program code may be in the form of source code, object code, executable file or some intermediate form.
  • the above-mentioned computer-readable storage medium may include: any entity or device capable of carrying the above-mentioned computer program code, recording medium, U disk, removable hard disk, magnetic disk, optical disk, computer-readable memory, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), electrical carrier signals, telecommunications signals and software distribution media, etc.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Telephone Function (AREA)
  • Telephonic Communication Services (AREA)

Abstract

An application program login method, an application program login device and a mobile terminal, the method comprising: reading a login account saved in a memory of a trusted execution environment (TEE) in a mobile terminal (S101); sending the login account to a first server to instruct the first server to determine whether the login account is a registered account used for logging into a target application program (S102); receiving a determination result returned by the first server (S103); and if the determination result indicates that the login account is the registered account used for logging into the target application program, logging into the target application program (S104). By means of the described method, the security of application program login may be improved to some extent, and the operation steps a user performs when logging into an application program are reduced, thereby improving user experience.

Description

Application program login method, application program login device and mobile terminal
Technical field
The present application belongs to the field of electronic technology, and particularly relates to an application program login method, an application program login device, a mobile terminal, and a computer-readable storage medium.
Background art
For most applications on a mobile terminal, in order to protect the user's privacy, the user must first log in to an application before using it. The login method commonly used at present is: the user fills in a login account on the login interface (for example, a phone number and an SMS verification code), and the application verifies whether the login account filled in by the user is legitimate; if it is legitimate, the application is logged in to, and otherwise login to the application is prohibited.
Summary of the invention
This application provides an application program login method, an application program login device, a mobile terminal, and a computer-readable storage medium, which can improve the security of application program login to a certain extent.
A first aspect of this application provides an application login method, applied to a mobile terminal, including:
reading the login account saved in the memory of the trusted execution environment (TEE) in the mobile terminal;
sending the login account to a first server, to instruct the first server to determine whether the login account is a registered account for logging in to the target application;
receiving the judgment result returned by the first server;
if the judgment result indicates that the login account is a registered account for logging in to the target application, logging in to the target application.
A second aspect of the present application provides a mobile terminal, including a preset memory, a processor, and a computer program stored in the preset memory and executable on the processor, where the processor implements the following steps when executing the computer program:
reading the login account saved in the memory of the trusted execution environment (TEE) in the mobile terminal;
sending the login account to a first server, to instruct the first server to determine whether the login account is a registered account for logging in to the target application;
receiving the judgment result returned by the first server;
if the judgment result indicates that the login account is a registered account for logging in to the target application, logging in to the target application.
A third aspect of the present application provides an application login device, applied to a mobile terminal, including:
an account reading module, configured to read the login account saved in the memory of the trusted execution environment (TEE) in the mobile terminal;
an account sending module, configured to send the login account to a first server, to instruct the first server to determine whether the login account is a registered account for logging in to the target application;
a result receiving module, configured to receive the judgment result returned by the first server;
a first login module, configured to log in to the target application if the judgment result indicates that the login account is a registered account for logging in to the target application.
A fourth aspect of the present application provides a computer-readable storage medium. The computer-readable storage medium stores a computer program, and when the computer program is executed by a processor, the steps of the method of the first aspect described above are implemented.
A fifth aspect of the present application provides a computer program product. The computer program product includes a computer program, and when the computer program is executed by one or more processors, the steps of the method of the first aspect described above are implemented.
Brief description of the drawings
In order to explain the technical solutions in the embodiments of the present application more clearly, the drawings needed in the description of the embodiments or of the prior art are briefly introduced below. Obviously, the drawings in the following description are only some embodiments of the present application, and those of ordinary skill in the art can obtain other drawings from these drawings without creative effort.
FIG. 1 is a schematic flowchart of an implementation of an application login method provided in Embodiment 1 of the present application;
FIG. 2 is a flowchart of a method for writing a login account into the TEE memory provided in Embodiment 1 of the present application;
FIG. 3 is a schematic flowchart of an implementation of another application login method provided in Embodiment 2 of the present application;
FIG. 4 is a schematic structural diagram of an application login device provided in Embodiment 3 of the present application;
FIG. 5 is a schematic structural diagram of a mobile terminal provided in Embodiment 4 of the present application.
Detailed description
In the following description, for the purpose of illustration rather than limitation, specific details such as particular system structures and technologies are set out so that the embodiments of the present application can be thoroughly understood. However, it should be clear to those skilled in the art that the present application can also be implemented in other embodiments without these specific details. In other cases, detailed descriptions of well-known systems, devices, circuits, and methods are omitted so that unnecessary details do not obscure the description of the present application.
The application login method provided in the embodiments of the present application is applicable to a mobile terminal. Exemplarily, the mobile terminal includes but is not limited to: a smart phone, a palmtop computer, a notebook, a wearable device, and the like.
It should be understood that, when used in this specification and the appended claims, the term "comprising" indicates the presence of the described features, integers, steps, operations, elements and/or components, but does not exclude the presence or addition of one or more other features, integers, steps, operations, elements, components and/or collections thereof.
It should also be understood that the terminology used in the description of this application is for the purpose of describing particular embodiments only and is not intended to limit this application. As used in the specification of the present application and the appended claims, unless the context clearly indicates otherwise, the singular forms "a", "an", and "the" are intended to include the plural forms.
It should be further understood that the term "and/or" used in the specification of the present application and the appended claims refers to any combination and all possible combinations of one or more of the associated listed items, and includes these combinations.
As used in this specification and the appended claims, the term "if" may be interpreted, depending on the context, as "when" or "once" or "in response to determining" or "in response to detecting". Similarly, the phrase "if it is determined" or "if [the described condition or event] is detected" may be interpreted, depending on the context, to mean "once it is determined" or "in response to determining" or "once [the described condition or event] is detected" or "in response to detecting [the described condition or event]".
In addition, in the description of the present application, the terms "first", "second", etc. are only used to distinguish the descriptions and cannot be understood as indicating or implying relative importance.
In order to explain the above technical solutions of the present application, specific embodiments are described below.
Embodiment 1
The application login method provided in Embodiment 1 of the present application is described below. The method is applied to a mobile terminal on which a target application is installed. Referring to FIG. 1, the application login method in Embodiment 1 of the present application includes:
In step S101, the login account saved in the memory of the trusted execution environment (TEE) in the mobile terminal is read;
The login account in step S101 is specifically the login account used to log in to the target application. It may be a login account in the form of "user name + password", for example, user name sunshine and password 12345; or it may be a phone number, for example, 13588888888; or it may be an ID card number, for example, 411XXX19950808XXXX. This application does not limit the specific form of the login account.
At present, many mobile terminals support both a rich execution environment (Rich Execution Environment, REE) and a trusted execution environment (Trusted Execution Environment, TEE). Programs running in the REE share the same hardware resources at run time, so the data of programs running in the REE is easily stolen. The TEE is an execution environment separate from the REE: the hardware resources occupied by TEE code at run time are completely different from those occupied by REE code at run time, and the hardware resources that TEE code can access at run time are inaccessible to REE code. In step S101, the memory of the TEE is memory that can be accessed only by TEE code. Moreover, programs that run in the TEE are usually programs specified by the mobile terminal manufacturer; not every program installed on the mobile terminal can run in the TEE. Therefore, the data of a program running in the TEE is less easily stolen than the data of a program running in the REE.
Generally, for a given mobile terminal, data in the TEE memory can be read and written only by programs specified by the manufacturer of that mobile terminal. The data in the TEE memory is therefore difficult for an unauthorized program to read and also difficult for an unauthorized program to write. So, if the login account of an application is saved in the TEE memory, that login account is very hard to steal or modify. Traditional login methods require the user to remember the login accounts of the various applications, and users often record each login account in a paper file or an electronic file. Compared with recording the login account in the TEE memory, this way of recording clearly has a lower security level. Therefore, this application provides a more secure way of recording login accounts.
In the technical solution provided by this application, the login account for logging in to the target application needs to be saved in the TEE memory of the mobile terminal in advance. Because data in the TEE memory can usually be read and written only by programs specified by the mobile terminal manufacturer, a preset program can be developed in advance in order to write the login account into the TEE memory. The preset program is a program certified by the mobile terminal manufacturer that can write data into the TEE memory. The user opens the preset program and fills in the login account for the target application on the interface it provides; after receiving the login account filled in by the user, the preset program writes it into the TEE memory. (Because the preset program can allow any user to write data into the TEE memory, an unauthorized user who has stolen a legitimate user's login account for the target application would also be able to use the preset program to write the stolen login account into the TEE memory of some mobile terminal X, and so log in to the target application on mobile terminal X while impersonating the legitimate user. Therefore, when the preset program allows a user to write data into the TEE memory, it can first prompt the user to upload information such as an ID card number and a photo, then verify the user's identity based on the uploaded information, and only after the verification passes allow the user to write data into the TEE memory.)
In addition, to prevent an unauthorized program from stealing the login account while the preset program is writing it into the TEE memory, the preset program, after receiving the login account, first encrypts it and then transfers the encrypted login account to the TEE memory, where a decryption program running in the TEE decrypts it. The login account is thus encrypted while it is being transferred to the TEE memory, which reduces to a certain extent the possibility that it is stolen by an unauthorized program during the write. In addition, for the same purpose, the preset program may itself be a program that runs in the TEE.
In the embodiment of the present application, besides having the user fill in the login account through the preset program, the login account for the target application can also be written into the TEE memory in the manner shown in FIG. 2. As shown in FIG. 2, the mobile terminal writes the login account for logging in to the target application into the TEE memory by executing steps S201-S203.
In step S201, login account request information is sent to a second server, the login account request information being used to instruct the second server to look up the login account;
In step S202, login account feedback information returned by the second server is received, the login account feedback information including the login account;
In step S203, the login account is written into the TEE memory according to the login account feedback information;
That is, the second server stores the login account for logging in to the target application, and the mobile terminal obtains the login account by communicating with the second server and writes the obtained login account into the TEE memory. Those skilled in the art will readily see that the program implementing steps S201-S203 needs to write data into the TEE memory, so that program also needs to be certified by the mobile terminal manufacturer. In addition, to prevent the login account from being stolen by an unauthorized program while steps S201-S203 execute, the program implementing steps S201-S203 may also run in the TEE; or the login account may be encrypted while it is being written into the TEE memory and decrypted by a decryption program running in the TEE. The login account is then encrypted while it is being transferred to the TEE memory, which reduces to a certain extent the possibility that it is stolen by an unauthorized program during the write.
Those skilled in the art will also readily see that when the mobile terminal obtains the login account for the target application through steps S201-S203, it needs to communicate with the second server. To prevent the data exchanged between the mobile terminal and the second server from being intercepted, that data can be encrypted. For example, to prevent the login account returned by the second server from being intercepted, the login account feedback information is obtained by the second server through encryption with a preset first encryption rule; accordingly, step S203 includes: decrypting the login account feedback information according to the decryption rule corresponding to the first encryption rule to obtain the login account, and writing the login account into the TEE memory.
In addition, step S101 may be executed when the user starts the target application. For example, when the user taps the icon of the target application on the desktop of the mobile terminal, the mobile terminal executes step S101 and obtains the login account, saved in the TEE memory, for logging in to the target application. In the embodiment of the present application, if no login account for the target application is obtained from the TEE memory, the user may be prompted to start the preset program, or the mobile terminal may start the preset program automatically, to obtain a login account for the target application entered manually by the user; or steps S201-S203 may be executed to obtain the login account for the target application.
In step S102, the login account is sent to the first server, to instruct the first server to determine whether the login account is a registered account for logging in to the target application;
In the embodiment of the present application, after the login account for the target application has been read in step S101, it is sent to the first server. The first server may be the server corresponding to the target application, and it stores the registered accounts used to log in to the target application.
The mobile terminal sends the login account read in step S101 to the first server to instruct the first server to verify it. The first server determines whether the login account is a registered account for logging in to the target application and returns the judgment result to the mobile terminal.
In addition, to prevent the login account from being intercepted while the mobile terminal communicates with the first server, step S102 may include:
encrypting the login account using a preset second encryption rule to obtain an encrypted login account;
sending the encrypted login account to the first server, to instruct the first server to determine whether the login account is a registered account for logging in to the target application.
In step S103, the judgment result returned by the first server is received;
In this embodiment of the present application, step S103 may include: after the login account is sent to the first server, detecting whether the judgment result returned by the first server is received within a preset time period (for example, 5 milliseconds); if the judgment result is received within the preset time period, performing the subsequent step S104; if the judgment result is not received within the preset time period, determining whether the number of times the login account has been sent to the first server has reached a preset number; if it has not, returning to step S102 and sending the login account read in step S101 to the first server again; if the preset number has been reached, reminding the user that the target application cannot be logged in to because the network cannot be reached.
In step S104, if the judgment result indicates that the login account is a registered account for logging in to the target application, the target application is logged in to;
In this embodiment of the present application, if the judgment result returned by the first server indicates that the login account read in step S101 is a registered account for logging in to the target application, the target application is logged in to automatically; otherwise, if the judgment result indicates that the login account is not a registered account for logging in to the target application, prompt information is generated to tell the user that the target application cannot be logged in to.
The application login method provided in Embodiment 1 of the present application needs to read the login account stored in the TEE memory. The program that implements the steps of Embodiment 1 can therefore be certified by the mobile terminal manufacturer, so that the method provided in Embodiment 1 is able to read data in the TEE memory.
Alternatively, the steps described in Embodiment 1 may be implemented entirely by the target application. The mobile terminal may provide the target application with a preset interface function, and when the target application starts, it can read data from the TEE memory by calling that function. Because a program that reads data from the TEE memory must be certified by the mobile terminal manufacturer, the developer of the target application needs to contact the manufacturer in advance and apply for permission to call the preset interface function of the mobile terminal in order to read the data in its TEE memory.
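The flow of steps S101 to S104, including the bounded retry of step S103 and the manufacturer-approved access to TEE memory, can be simulated as follows. This is an added example, not code from the patent: `TeeStore`, `FirstServer`, `login`, the caller names and the phone number are hypothetical, and the encryption of step S102 is left out because the page does not specify the second encryption rule.

```python
"""Simulation of steps S101-S104 with the bounded retry of S103 (constructed example)."""
from typing import Callable, Iterable, Optional

LOGGED_IN = "logged_in"
NOT_REGISTERED = "not_registered"
NETWORK_UNAVAILABLE = "network_unavailable"


class TeeStore:
    """Stand-in for TEE memory: only manufacturer-approved callers may read or write."""

    def __init__(self, approved_callers: Iterable[str]):
        self._approved = set(approved_callers)
        self._account: Optional[str] = None

    def _check(self, caller: str) -> None:
        if caller not in self._approved:
            raise PermissionError(f"{caller} is not approved to access TEE memory")

    def write_account(self, caller: str, account: str) -> None:
        self._check(caller)
        self._account = account

    def read_account(self, caller: str) -> str:
        self._check(caller)
        if self._account is None:
            raise LookupError("no login account provisioned in TEE memory")
        return self._account


class FirstServer:
    """Constructed first server that answers whether an account is registered.

    drop_first simulates requests that get no reply within the preset period.
    """

    def __init__(self, registered: Iterable[str], drop_first: int = 0):
        self.registered = set(registered)
        self.drop_first = drop_first
        self.requests_seen = 0

    def verify(self, account: str, timeout_s: float) -> Optional[bool]:
        self.requests_seen += 1
        if self.requests_seen <= self.drop_first:
            return None  # nothing came back within timeout_s
        return account in self.registered


def login(tee: TeeStore, caller: str,
          send: Callable[[str, float], Optional[bool]],
          timeout_s: float = 0.005, max_attempts: int = 3) -> str:
    """Run S101-S104 and return one of the three outcome constants."""
    account = tee.read_account(caller)        # S101: read the account from TEE memory
    for _ in range(max_attempts):             # preset number of send attempts
        verdict = send(account, timeout_s)    # S102: send the account to the first server
        if verdict is None:                   # S103: no result within the preset period
            continue                          # go back to S102 and send again
        return LOGGED_IN if verdict else NOT_REGISTERED   # S104
    return NETWORK_UNAVAILABLE                # preset number reached: tell the user


if __name__ == "__main__":
    tee = TeeStore(approved_callers={"vendor.login"})
    tee.write_account("vendor.login", "+10000000000")   # constructed phone number
    flaky = FirstServer(registered={"+10000000000"}, drop_first=2)
    print(login(tee, "vendor.login", flaky.verify), flaky.requests_seen)
```
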
Embodiment 1 of the present application provides an application login method that, when the target application is being logged in to, automatically reads the login account from the memory of the trusted execution environment (TEE) and, if the login account is valid, automatically logs in to the target application. Because data in the TEE memory can usually be read and written only by programs specified by the mobile terminal manufacturer, that data is difficult for an illegal program to read (that is, difficult to steal) and difficult for an illegal program to write (even if the account is stolen by an illegal user, it is difficult to write it into the TEE memory of the illegal user's mobile terminal). A login account stored in the TEE memory of the mobile terminal therefore has high credibility: once the login account stored in the TEE memory is verified successfully, this largely indicates that the user of the target application is a legitimate user (because the login account is stored in the TEE memory, the likelihood of it being stolen is low, and even if it is stolen, it is difficult to write it into the TEE memory of the illegal user's mobile terminal). With a traditional login method, by contrast, the login account is easily obtained by illegal users. Taking login by phone number and SMS verification code as an example, an illegal user can obtain a legitimate user's International Mobile Subscriber Identity (IMSI) by broadcasting, use the IMSI to obtain the legitimate user's phone number, and intercept the SMS verification code at the same time, thereby obtaining both the phone number and the SMS verification code. A traditional login method also requires the user to enter the login account manually, which is very unsafe, because an illegal user can easily use a camera or similar tool to observe the account as it is entered. Traditional login accounts are therefore relatively easy to steal. 
Furthermore, with a traditional login method, once a legitimate user's login account has been stolen, the illegal user can enter it manually and log in to the target application as the legitimate user. So with a traditional login method, even a successful verification of the login account does not show that the user of the target application is a legitimate user (because the login account may have been stolen). In summary, the login method provided in this application is more secure than the traditional login method and can improve login security to a certain extent. In addition, it avoids manual entry of the login account, so compared with the traditional login method it also reduces the user's operation steps to a certain extent and can improve the user experience.
Example 2
Another application login method, provided in Embodiment 2 of the present application, is described below. As in Embodiment 1, the method is applied to a mobile terminal on which a target application is installed.
In the technical solution of Embodiment 2, the login account of Embodiment 1 is specifically limited to the phone number corresponding to the mobile terminal. Referring to FIG. 3, the application login method in Embodiment 2 includes:
In step S301, the International Mobile Equipment Identification (IMEI) of the mobile terminal, or the International Mobile Subscriber Identification (IMSI) of the Subscriber Identification Module (SIM) card in the mobile terminal, is obtained;
Normally, the phone number of a mobile terminal corresponds to the IMEI (International Mobile Equipment Identification) of the mobile terminal or to the IMSI (International Mobile Subscriber Identification) of the SIM (Subscriber Identification Module) card installed in it. The IMEI of the mobile terminal or the IMSI of its SIM card can therefore be obtained first, so that the phone number of the mobile terminal can subsequently be obtained through the IMEI or IMSI.
In step S302, login account request information is generated according to the IMEI or the IMSI, where the login account request information includes the IMEI or the IMSI;
After obtaining the IMEI of the mobile terminal and the IMSI of the SIM card in the mobile terminal, the mobile terminal uses the IMEI or IMSI to generate the login account request information.
In step S303, the login account request information is sent to the second server; it instructs the second server to look up the phone number corresponding to the IMEI or IMSI;
The second server may store a preset correspondence table that records the correspondence between each IMEI and a phone number, or between each IMSI and a phone number. After receiving the login account request information, the second server extracts the IMEI or IMSI from it, looks up the corresponding phone number in the preset correspondence table, and returns the phone number it finds to the mobile terminal.
In step S304, login account feedback information returned by the second server is received; the login account feedback information includes the phone number;
To prevent the communication data between the mobile terminal and the second server from being stolen, that data may be encrypted. For example, in step S303, the second server encrypts the login account feedback information to ensure that the phone number in it is not intercepted by illegal users.
In step S305, the phone number is written into the memory of the trusted execution environment (TEE) in the mobile terminal according to the login account feedback information;
Step S305 writes the phone number into the TEE memory of the mobile terminal, so the program that implements steps S301-S305 needs to be certified by the mobile terminal manufacturer. In addition, to prevent an illegal program from stealing the login account while steps S301-S305 are executing, steps S301-S305 may be implemented as a program that runs in the TEE; alternatively, the phone number may be encrypted while it is being written into the TEE memory and decrypted by a decryption program that runs in the TEE. In this way the phone number is encrypted while in transit to the TEE memory, which reduces to a certain extent the possibility of an illegal program stealing the login account during the write.
Those skilled in the art should understand that steps S301-S305 are not executed together with the subsequent steps S306-S309 every time. Steps S301-S305 may be executed only when the user changes phone number. For example, when a trigger signal indicating that the user has finished replacing the SIM card is detected, the IMEI of the mobile terminal or the IMSI of the SIM card in the mobile terminal is obtained (for instance, when the mobile terminal detects that the user has removed the SIM card and inserted a SIM again, a trigger signal is generated that causes the mobile terminal to re-acquire its IMEI or the IMSI of the replaced SIM card). In some cases, even though the user has replaced the SIM card, the IMEI of the mobile terminal may not be bound to the new phone number, so the correct phone number may not be obtainable through the IMEI. Therefore, in this embodiment of the present application, to ensure that the new phone number can be obtained through the IMEI when the user replaces the SIM card, the operator should update the correspondence between the IMEI of the mobile terminal and the phone number in the second server before delivering the new SIM to the user.
In step S306, the phone number stored in the TEE memory is read;
In step S307, the phone number is sent to the first server to instruct the first server to determine whether the phone number is a registered account for logging in to the target application;
In step S308, the judgment result returned by the first server is received;
In step S309, if the judgment result indicates that the phone number is a registered account for logging in to the target application, the target application is logged in to.
Most applications support login by phone number. In Embodiment 2 of the present application, it can therefore be determined whether the phone number of the mobile terminal is a registered account for logging in to the target application, and if so, the target application is logged in to.
Compared with Embodiment 1, Embodiment 2 only limits the login account to a phone number. Apart from that, steps S306-S309 are executed in exactly the same way as steps S101-S104 in Embodiment 1; see the description of Embodiment 1 for details, which are not repeated here.
Normally, the TEE memory in a mobile terminal does not hold the login account of just one application; it often holds the login accounts of several applications. If the login account of Embodiment 1 were limited to a user name and password, it would occupy a large amount of TEE memory, for the following reason: for the same user, different applications often use different user names and passwords. For example, Xiaoming logs in to WeChat with the user name xiaoming and the password 123, but logs in to Taobao with the user name xiaomifeng and the password happy123. So if the login account in the technical solution of Embodiment 1 were limited to a user name and password, a large amount of TEE memory storage space would be occupied. However, the same user often has only one phone number or a few phone numbers, and most current applications support login by phone number. Therefore, to avoid storing the login accounts of too many applications in the TEE memory of the mobile terminal, and to avoid occupying a large amount of TEE memory storage space, Embodiment 2 limits the login account of Embodiment 1 to a phone number. In addition, like Embodiment 1, Embodiment 2 can improve login security to a certain extent and can reduce to a certain extent the steps the user performs when logging in to the application.
It should be understood that the sequence numbers of the steps in the above embodiments do not imply an order of execution. The execution order of each process should be determined by its function and internal logic, and should not limit the implementation of the embodiments of the present application in any way.
Example 3
Embodiment 3 of the present application provides an application login device that is applied to a mobile terminal. As shown in FIG. 4, the application login device 400 includes:
an account reading module 401, configured to read the login account stored in the memory of the trusted execution environment (TEE) in the mobile terminal;
an account sending module 402, configured to send the login account to the first server to instruct the first server to determine whether the login account is a registered account for logging in to the target application;
a result receiving module 403, configured to receive the judgment result returned by the first server;
a first login module 404, configured to log in to the target application if the judgment result indicates that the login account is a registered account for logging in to the target application.
Optionally, the application login device 400 further includes:
an account request module, configured to send login account request information to the second server, the login account request information instructing the second server to look up the login account;
an account receiving module, configured to receive the login account feedback information returned by the second server, the login account feedback information including the login account;
an account writing module, configured to write the login account into the TEE memory according to the login account feedback information.
Optionally, the login account feedback information is information that the second server has encrypted using a preset first encryption rule;
Correspondingly, the account writing module is specifically configured to decrypt the login account feedback information according to the decryption rule corresponding to the first encryption rule, thereby obtaining the login account, and to write the login account into the TEE memory.
Optionally, the login account is the phone number corresponding to the mobile terminal;
Correspondingly, the account request module includes:
an identification code acquiring unit, configured to obtain the International Mobile Equipment Identification (IMEI) of the mobile terminal or the International Mobile Subscriber Identification (IMSI) of the Subscriber Identification Module (SIM) card in the mobile terminal;
a request information generating unit, configured to generate the login account request information according to the IMEI or the IMSI, where the login account request information includes the IMEI or the IMSI;
a request information sending unit, configured to send the login account request information to the second server, the login account request information instructing the second server to look up the phone number corresponding to the IMEI or the IMSI.
Optionally, the identification code acquiring unit is specifically configured to obtain the IMEI of the mobile terminal or the IMSI of the SIM card when a trigger signal indicating that the user has finished replacing the SIM card is detected.
Optionally, the account sending module 402 includes:
an account encryption unit, configured to encrypt the login account using a preset second encryption rule to obtain an encrypted login account;
an encrypted account sending unit, configured to send the encrypted login account to the first server to instruct the first server to determine whether the login account is a registered account for logging in to the target application.
Optionally, the application login device 400 further includes:
a second login module, configured to generate prompt information if the judgment result indicates that the login account is not a registered account for logging in to the target application, the prompt information telling the user that the target application cannot be logged in to.
Optionally, the account reading module 401 is specifically configured to read the login account stored in the TEE memory of the mobile terminal when it detects that the user has started the target application.
Optionally, the account reading module 401 is specifically configured to read the login account stored in the TEE memory of the mobile terminal by calling a preset interface function when it detects that the user has started the target application.
It should be noted that the information exchange and execution processes between the above devices/units are based on the same concept as the method embodiments of the present application. For their specific functions and technical effects, see the method embodiments; they are not repeated here.
Example 4
FIG. 5 is a schematic diagram of the mobile terminal provided in Embodiment 4 of the present application. As shown in FIG. 5, the mobile terminal 5 of this embodiment includes a processor 50, a preset memory 51, and a computer program 52 that is stored in the preset memory 51 and can run on the processor 50. When the processor 50 executes the computer program 52, it implements the steps of the method embodiments above, for example steps 101 to 104 shown in FIG. 1. Alternatively, when the processor 50 executes the computer program 52, it implements the functions of the modules/units in the device embodiments above, for example the functions of modules 401 to 404 shown in FIG. 4.
By way of example, the computer program 52 may be divided into one or more modules/units, which are stored in the preset memory 51 and executed by the processor 50 to carry out the present application. The one or more modules/units may be a series of computer program instruction segments capable of performing specific functions; the instruction segments describe the execution of the computer program 52 in the mobile terminal 5. For example, the computer program 52 may be divided into an account reading module, an account sending module, a result receiving module and a first login module, whose specific functions are as follows:
reading the login account stored in the memory of the trusted execution environment (TEE) in the mobile terminal;
sending the login account to the first server to instruct the first server to determine whether the login account is a registered account for logging in to the target application;
receiving the judgment result returned by the first server;
logging in to the target application if the judgment result indicates that the login account is a registered account for logging in to the target application.
The mobile terminal may include, but is not limited to, the processor 50 and the preset memory 51. Those skilled in the art will understand that FIG. 5 is only an example of the mobile terminal 5 and does not limit it; the mobile terminal may include more or fewer components than shown, combine certain components, or use different components. For example, it may further include input and output devices, network access devices, buses, and the like.
The processor 50 may be a central processing unit (CPU), or another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, and so on. The general-purpose processor may be a microprocessor or any conventional processor.
The preset memory 51 may be an internal storage unit of the mobile terminal 5, such as its hard disk or memory. The preset memory 51 may also be an external storage device of the mobile terminal 5, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card or a flash card fitted to the mobile terminal 5. Further, the preset memory 51 may include both an internal storage unit of the mobile terminal 5 and an external storage device. The preset memory 51 is used to store the computer program and the other programs and data required by the mobile terminal. It can also be used to temporarily store data that has been output or is about to be output.
Those skilled in the art will clearly understand that, for convenience and brevity of description, only the division into the functional units and modules above is used as an example. In practical applications, the functions may be assigned to different functional units and modules as required; that is, the internal structure of the device may be divided into different functional units or modules to perform all or part of the functions described above. The functional units and modules in the embodiments may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in hardware or as a software functional unit. In addition, the specific names of the functional units and modules serve only to distinguish them from one another and do not limit the scope of protection of the present application. For the specific working processes of the units and modules in the above system, refer to the corresponding processes in the foregoing method embodiments; they are not repeated here.
In the above embodiments, the description of each embodiment has its own emphasis. For parts that are not detailed or recorded in one embodiment, see the related descriptions of the other embodiments.
Those of ordinary skill in the art will appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, or in a combination of external device software and electronic hardware. Whether these functions are performed in hardware or software depends on the specific application and design constraints of the technical solution. Skilled practitioners may use different methods to implement the described functions for each specific application, but such implementations should not be considered to go beyond the scope of this application.
In the embodiments provided in this application, it should be understood that the disclosed device and method may be implemented in other ways. For example, the system embodiments described above are only illustrative: the division into modules or units is only a division by logical function, and other divisions are possible in an actual implementation. For example, multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. Furthermore, the mutual coupling, direct coupling or communication connections shown or discussed may be indirect couplings or communication connections through interfaces, devices or units, and may be electrical, mechanical or of another form.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
If the integrated unit is implemented as a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. On this understanding, all or part of the processes of the method embodiments above may also be carried out by a computer program that instructs the relevant hardware. The computer program may be stored in a computer-readable storage medium and, when executed by a processor, implements the steps of the method embodiments above. The computer program includes computer program code, which may be in source code form, object code form, an executable file, or some intermediate form. The computer-readable storage medium may include: any entity or device capable of carrying the computer program code, a recording medium, a USB flash drive, a removable hard disk, a magnetic disk, an optical disc, computer-readable memory, read-only memory (ROM), random access memory (RAM), an electrical carrier signal, a telecommunication signal, a software distribution medium, and so on. It should be noted that the content covered by the computer-readable storage medium may be expanded or reduced as appropriate according to the requirements of legislation and patent practice in a given jurisdiction; for example, in some jurisdictions, according to legislation and patent practice, computer-readable storage media do not include electrical carrier signals and telecommunication signals.
For example, in some jurisdictions, according to legislation and patent practice, computer-readable storage The medium does not include electrical carrier signals and telecommunications signals.
以上上述实施例仅用以说明本申请的技术方案,而非对其限制;尽管参照前述实施例对本申请进行了详细的说明,本领域的普通技术人员应当理解:其依然可以对前述各实施例所记载的技术方案进行修改,或者对其中部分技术特征进行等同替换;而这些修改或者替换,并不使相应技术方案的本质脱离本申请各实施例技术方案的精神和范围,均应包含在本申请的保护范围之内。The above-mentioned embodiments are only used to illustrate the technical solutions of the present application, not to limit them; although the present application has been described in detail with reference to the foregoing embodiments, persons of ordinary skill in the art should understand that they can still perform the foregoing embodiments The recorded technical solutions are modified, or some of the technical features are equivalently replaced; and these modifications or replacements do not deviate the essence of the corresponding technical solutions from the spirit and scope of the technical solutions of the embodiments of this application, and should be included in this Within the scope of protection applied for.

Claims (20)

  1. An application program login method, applied to a mobile terminal, characterized in that the application program login method comprises:
    reading the login account saved in the memory of the trusted execution environment (TEE) in the mobile terminal;
    sending the login account to a first server to instruct the first server to judge whether the login account is a registered account for logging in to a target application;
    receiving the judgment result returned by the first server;
    if the judgment result indicates that the login account is a registered account for logging in to the target application, logging in to the target application.
  2. The application program login method according to claim 1, characterized in that, before the step of reading the login account saved in the memory of the trusted execution environment (TEE) in the mobile terminal, the method further comprises:
    sending login account request information to a second server, the login account request information being used to instruct the second server to look up the login account;
    receiving login account feedback information returned by the second server, the login account feedback information including the login account;
    writing the login account into the memory of the TEE according to the login account feedback information.
  3. The application program login method according to claim 2, characterized in that the login account feedback information is information obtained by the second server through encryption processing using a preset first encryption rule;
    correspondingly, writing the login account into the memory of the TEE according to the login account feedback information comprises:
    decrypting the login account feedback information according to the decryption rule corresponding to the first encryption rule to obtain the login account, and writing the login account into the memory of the TEE.
  4. The application program login method according to claim 2, characterized in that the login account is the phone number corresponding to the mobile terminal;
    correspondingly, sending the login account request information to the second server, the login account request information being used to instruct the second server to look up the login account, comprises:
    acquiring the International Mobile Equipment Identity (IMEI) of the mobile terminal or the International Mobile Subscriber Identity (IMSI) of the subscriber identity module (SIM) card in the mobile terminal;
    generating the login account request information according to the IMEI or the IMSI, wherein the login account request information includes the IMEI or the IMSI;
    sending the login account request information to the second server, the login account request information being used to instruct the second server to look up the phone number corresponding to the IMEI or the IMSI.
  5. The application program login method according to claim 4, characterized in that acquiring the International Mobile Equipment Identity (IMEI) of the mobile terminal or the International Mobile Subscriber Identity (IMSI) of the SIM card comprises:
    when a trigger signal indicating that the user has finished replacing the SIM card is detected, acquiring the IMEI of the mobile terminal or the IMSI of the SIM card.
  6. The application program login method according to any one of claims 1 to 5, characterized in that sending the login account to the first server to instruct the first server to judge whether the login account is a registered account for logging in to the target application comprises:
    encrypting the login account using a preset second encryption rule to obtain an encrypted login account;
    sending the encrypted login account to the first server to instruct the first server to judge whether the login account is a registered account for logging in to the target application.
  7. The application program login method according to any one of claims 1 to 5, characterized in that, after the step of receiving the judgment result returned by the first server, the method further comprises:
    if the judgment result indicates that the login account is not a registered account for logging in to the target application, generating prompt information, the prompt information being used to prompt the user that the target application cannot be logged in to.
  8. The application program login method according to any one of claims 1 to 5, characterized in that reading the login account saved in the memory of the trusted execution environment (TEE) in the mobile terminal comprises:
    when it is detected that the user starts the target application, reading the login account saved in the memory of the TEE in the mobile terminal.
  9. The application program login method according to claim 8, characterized in that reading the login account saved in the memory of the TEE in the mobile terminal when it is detected that the user starts the target application comprises:
    when it is detected that the user starts the target application, reading the login account saved in the memory of the TEE in the mobile terminal by calling a preset interface function.
  10. A mobile terminal, comprising a preset memory, a processor, and a computer program stored in the preset memory and executable on the processor, characterized in that the processor implements the following steps when executing the computer program:
    reading the login account saved in the memory of the trusted execution environment (TEE) in the mobile terminal;
    sending the login account to a first server to instruct the first server to judge whether the login account is a registered account for logging in to a target application;
    receiving the judgment result returned by the first server;
    if the judgment result indicates that the login account is a registered account for logging in to the target application, logging in to the target application.
  11. The mobile terminal according to claim 10, characterized in that, before the step of reading the login account saved in the memory of the trusted execution environment (TEE) in the mobile terminal, the steps further comprise:
    sending login account request information to a second server, the login account request information being used to instruct the second server to look up the login account;
    receiving login account feedback information returned by the second server, the login account feedback information including the login account;
    writing the login account into the memory of the TEE according to the login account feedback information.
  12. The mobile terminal according to claim 11, characterized in that the login account feedback information is information obtained by the second server through encryption processing using a preset first encryption rule;
    correspondingly, writing the login account into the memory of the TEE according to the login account feedback information comprises:
    decrypting the login account feedback information according to the decryption rule corresponding to the first encryption rule to obtain the login account, and writing the login account into the memory of the TEE.
  13. The mobile terminal according to claim 11, characterized in that the login account is the phone number corresponding to the mobile terminal;
    correspondingly, sending the login account request information to the second server, the login account request information being used to instruct the second server to look up the login account, comprises:
    acquiring the International Mobile Equipment Identity (IMEI) of the mobile terminal or the International Mobile Subscriber Identity (IMSI) of the subscriber identity module (SIM) card in the mobile terminal;
    generating the login account request information according to the IMEI or the IMSI, wherein the login account request information includes the IMEI or the IMSI;
    sending the login account request information to the second server, the login account request information being used to instruct the second server to look up the phone number corresponding to the IMEI or the IMSI.
  14. The mobile terminal according to claim 13, characterized in that acquiring the International Mobile Equipment Identity (IMEI) of the mobile terminal or the International Mobile Subscriber Identity (IMSI) of the SIM card comprises:
    when a trigger signal indicating that the user has finished replacing the SIM card is detected, acquiring the IMEI of the mobile terminal or the IMSI of the SIM card.
  15. The mobile terminal according to any one of claims 10 to 14, characterized in that sending the login account to the first server to instruct the first server to judge whether the login account is a registered account for logging in to the target application comprises:
    encrypting the login account using a preset second encryption rule to obtain an encrypted login account;
    sending the encrypted login account to the first server to instruct the first server to judge whether the login account is a registered account for logging in to the target application.
  16. The mobile terminal according to any one of claims 10 to 14, characterized in that, after the step of receiving the judgment result returned by the first server, the steps further comprise:
    if the judgment result indicates that the login account is not a registered account for logging in to the target application, generating prompt information, the prompt information being used to prompt the user that the target application cannot be logged in to.
  17. The mobile terminal according to any one of claims 10 to 14, characterized in that reading the login account saved in the memory of the trusted execution environment (TEE) in the mobile terminal comprises:
    when it is detected that the user starts the target application, reading the login account saved in the memory of the TEE in the mobile terminal.
  18. The mobile terminal according to claim 17, characterized in that reading the login account saved in the memory of the TEE in the mobile terminal when it is detected that the user starts the target application comprises:
    when it is detected that the user starts the target application, reading the login account saved in the memory of the TEE in the mobile terminal by calling a preset interface function.
  19. An application program login device, applied to a mobile terminal, characterized in that the application program login device comprises:
    an account reading module, configured to read the login account saved in the memory of the trusted execution environment (TEE) in the mobile terminal;
    an account sending module, configured to send the login account to a first server to instruct the first server to judge whether the login account is a registered account for logging in to a target application;
    a result receiving module, configured to receive the judgment result returned by the first server;
    a first login module, configured to log in to the target application if the judgment result indicates that the login account is a registered account for logging in to the target application.
  20. A computer-readable storage medium storing a computer program, characterized in that the computer program, when executed by a processor, implements the steps of the method according to any one of claims 1 to 9.
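
The message flow of claims 1 to 9, as an added Python simulation that is not code from the patent: it shows the SIM-change provisioning path into the TEE store, the launch-time check against the first server, and what happens when a request is altered in transit or the SIM is unknown. Assumptions: every class and function name, the keys `K1`/`K2`, the HMAC-based `seal`/`unseal` pair standing in for the unspecified "preset encryption rules", clearing the stored account for an unknown SIM, and all IMSIs and account numbers (constructed).

```python
import hashlib
import hmac
import os

# Constructed demo keys; the claims name no cipher, key or key-distribution scheme.
K1 = b"demo-key-first-encryption-rule"   # second server <-> terminal (claim 3)
K2 = b"demo-key-second-encryption-rule"  # terminal <-> first server (claim 6)


def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key, plaintext):
    """Stand-in encryption rule: HMAC-SHA256 keystream, then a MAC over nonce + ciphertext."""
    nonce = os.urandom(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))
    return nonce + ct + hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()


def unseal(key, blob):
    """Matching decryption rule; raises ValueError if the blob was altered or truncated."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication tag mismatch")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))


class TeeStore:
    """Models TEE memory: the account is reachable only through these interface functions."""
    def __init__(self):
        self._account = None

    def write_login_account(self, account):
        self._account = account

    def read_login_account(self):
        return self._account


class SecondServer:
    """Looks up the phone number for an IMSI or IMEI (claims 2 to 4)."""
    def __init__(self, directory):
        self._directory = dict(directory)

    def lookup(self, identifier):
        number = self._directory.get(identifier)
        return None if number is None else seal(K1, number.encode())


class FirstServer:
    """Judges whether a login account is registered for the target application."""
    def __init__(self, registered):
        self._registered = set(registered)

    def judge(self, sealed_account):
        try:
            return unseal(K2, sealed_account).decode() in self._registered
        except (ValueError, UnicodeDecodeError):
            return False  # an altered or undecodable request is never a registered account


class MobileTerminal:
    def __init__(self, second_server, first_server):
        self.tee, self._second, self._first = TeeStore(), second_server, first_server

    def on_sim_replaced(self, imsi):
        """Claim 5 trigger: fetch the number for the new SIM and store it in the TEE."""
        feedback = self._second.lookup(imsi)
        # Assumption of this sketch: an unknown SIM clears the previously stored account.
        account = None if feedback is None else unseal(K1, feedback).decode()
        self.tee.write_login_account(account)
        return account is not None

    def launch_target_app(self):
        """Claims 1 and 6 to 9: read from the TEE, ask the first server, log in or prompt."""
        account = self.tee.read_login_account()
        if account is not None and self._first.judge(seal(K2, account.encode())):
            return ("logged_in", account)
        return ("prompt", "unable to log in to the target application")


def demo():
    """Constructed data: test-network IMSIs (MCC 001) and made-up account numbers."""
    second = SecondServer({"001010000000001": "+00 555 0001", "001010000000002": "+00 555 0002"})
    phone = MobileTerminal(second, FirstServer({"+00 555 0001"}))
    imsis = ("001010000000001", "001010000000002", "001019999999999")
    return [(phone.on_sim_replaced(i), phone.launch_target_app()[0]) for i in imsis]
```

`demo()` walks three SIM changes in sequence: a registered number, an unregistered number, and an IMSI the second server does not know.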
PCT/CN2018/114020 2018-11-05 2018-11-05 Application program login method, application program login device and mobile terminal WO2020093214A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201880097797.8A CN112771826B (en) 2018-11-05 2018-11-05 Application program login method, application program login device and mobile terminal
PCT/CN2018/114020 WO2020093214A1 (en) 2018-11-05 2018-11-05 Application program login method, application program login device and mobile terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2018/114020 WO2020093214A1 (en) 2018-11-05 2018-11-05 Application program login method, application program login device and mobile terminal

Publications (1)

Publication Number Publication Date
WO2020093214A1 true WO2020093214A1 (en) 2020-05-14

Family

ID=70611617

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/114020 WO2020093214A1 (en) 2018-11-05 2018-11-05 Application program login method, application program login device and mobile terminal

Country Status (2)

Country Link
CN (1) CN112771826B (en)
WO (1) WO2020093214A1 (en)

Also Published As

Publication number Publication date
CN112771826A (en) 2021-05-07
CN112771826B (en) 2023-01-10

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18939263

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18939263

Country of ref document: EP

Kind code of ref document: A1

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 17/09/2021)

122 Ep: pct application non-entry in european phase

Ref document number: 18939263

Country of ref document: EP

Kind code of ref document: A1