CN103888265B - An application login system and method based on a mobile terminal - Google Patents

Publication number: CN103888265B
Authority: CN (China)
Application number: CN201410144378.9A
Other languages: Chinese (zh)
Other versions: CN103888265A (en)
Inventor: 顾健
Original Assignee: 上海博路信息技术有限公司
Application filed by: 上海博路信息技术有限公司
Prior art keywords: user, mobile terminal, authentication, module, background

Abstract

The invention discloses a login system and method based on a mobile terminal, comprising a computer-side authentication and authorization service module and application, a terminal-side authentication and authorization service module, a system authentication and authorization service, and so on. The user's computer and mobile terminal discover each other by mutual scanning over short-range wireless technology and authenticate each other according to the authentication mode. When the user logs in to an application, the application sends a login request to the system and, at the same time, to the mobile terminal. After receiving the user's request, the system waits on the system side for the authentication and authorization result for the terminal. After receiving the user's request, the terminal optionally verifies the user's identity according to its security settings, then sends the system data that can authenticate the terminal's identity together with the login request information. The system authenticates and authorizes the terminal based on the data sent by the phone and, if this succeeds, allows the user's application on the access device to log in. Through device discovery and authentication, together with authentication and authorization based on the mobile terminal, the invention provides users with a convenient automatic login experience.

Description

An application login system and method based on a mobile terminal

Technical field

The present invention relates to the fields of Internet and terminal technology, and in particular to an application login system and method based on a mobile terminal.

Background

The development of Internet technology and terminal software technology, and in particular of the Internet and terminal technology, has made an application login system and method based on a mobile terminal feasible.

When a user uses software on a device such as a computer, the user often has to log in by entering a user name, a password and sometimes a verification code. The steps are cumbersome and the user has to remember a large amount of login information, namely user names and passwords. The user name and password data are also transmitted over the network frequently, which is a security risk in transit, because data sent over a network may be eavesdropped on and analyzed at any node along the path, and the password may be stolen by Trojan malware on the access device, such as a computer. The user has to put considerable effort into maintaining login information for different software, and the user experience needs improvement. A method is needed that both ensures security and makes login more efficient.

As mobile terminals become more widespread and the share of smart terminals grows substantially, the smart terminal has become an indispensable item in daily life. Its functions grow ever more powerful, and its extensibility has gradually come to match that of traditional devices such as computers and in many cases exceeds it: for example, the touch screen of a mobile terminal can accept gesture and text input, and fingerprint recognition or motion sensing can all be integrated into the mobile terminal.

Meanwhile, short-range wireless technologies, including Bluetooth, Wi-Fi Direct and NFC, are maturing and gradually spreading to mobile terminals and computer equipment. Using short-range wireless technology, devices within a small distance, from tens of meters down to a few centimeters, can scan for and discover nearby devices and exchange data with them.

Therefore, based on the privacy and portability of the mobile terminal, we propose treating the user's mobile terminal as a mechanism for authenticating and authorizing the user, in other words as the user's key to the system. When the user logs in within range of the device, either without entering any information or after simply confirming their identity on the mobile terminal, the system identifies and verifies the user's mobile terminal and, based on the trustworthiness of the mobile terminal, grants the user the corresponding access rights on the access device, such as a computer.

In view of this, the object of the present invention is to propose a simple and practical application login system and method based on a mobile terminal that combines short-range wireless technology and software technology.

Summary of the invention

As can be seen from the above:

The system comprises three parts: a background system, a mobile terminal and an access device. The method comprises the following steps:

1) The user registers with the system, binds the user identity to the mobile terminal, and sets the mutual verification rules among the access device, the mobile terminal and the system;

2) The user's access device and the user's mobile terminal discover each other by mutual scanning over short-range wireless technology and, according to the authentication mode selected by the user, perform one-way or two-way authentication between the devices;

3) When logging in to an application on the access device, the user selects the mobile terminal verification mode; the application sends a login request to the system and, at the same time, sends a login request to the discovered and verified mobile terminal;

4) After receiving the user's login request, the background system computes the authentication data on the background side, then queries for and compares against the authentication and authorization data uploaded by the mobile terminal;

5) The mobile terminal receives the user's verification request; after verifying the user's identity according to its security settings, the mobile terminal uses the authentication and authorization algorithm agreed with the system to send data that can authenticate the mobile terminal's identity, together with the login request information, to the system for authentication and authorization;

6) The background system authenticates and authorizes the terminal based on the data sent by the mobile terminal and, if this succeeds, allows the user's application on the access device to log in.

Further, the application login system and method based on a mobile terminal provides a strong guarantee for the development of terminal-based application login services, meets users' various requirements and improves the user experience.

To achieve the above object, one aspect of the present invention provides an application login system and method based on a mobile terminal. The system includes:

The background system mainly includes:

A registration and binding module, an authentication and authorization module, a data module and an update module, wherein the registration and binding module is responsible for user registration and for binding the user's terminal to the user identity;

The system authentication and authorization module is responsible for authenticating and authorizing the user identity and the terminal;

The data module is responsible for storing user data and business data;

The update module is responsible for updating and upgrading the corresponding software on the system, the terminal and the access device;

The mobile terminal mainly includes:

A registration and binding module, a scanning and discovery module, a verification module, an authentication and authorization module, a communication module and an update module, wherein:

The registration and binding module is responsible for registering the terminal and user information with the system, which performs the binding;

The scanning and discovery module is responsible for scanning for and discovering the user's login device over short-range wireless protocols, including Bluetooth, Wi-Fi Direct and NFC. The verification module is responsible for checking, according to the inter-device verification rules and verification algorithm set by the user, whether other nearby devices are trusted;

The verification module is responsible for verifying, according to the verification algorithm, whether a discovered nearby device is one the user has registered and designated. The authentication and authorization module is responsible for authenticating and authorizing the user and the device based on the user's access information and the authentication and authorization data computed by the terminal;

The communication module is responsible for communicating with verified devices and for two-way data transfer;

The update module is responsible for interacting with the system to upgrade and update the terminal-side software;

The access device includes: an application login module, a scanning and discovery module, a verification module, a communication module and an update module;

Wherein the login module is responsible for initiating the login request to the system and the login verification request to the terminal; the scanning and discovery module is responsible for scanning for mobile terminals near the access device; the verification module is responsible for verifying, according to the verification algorithm, whether a discovered nearby mobile terminal is the terminal device the user registered and bound; the communication module is responsible for communicating and exchanging data in both directions with the verified terminal; and the update module is responsible for interacting with the system to upgrade and update the access-device-side software.

In one embodiment of the application login system and method based on a mobile terminal provided by the present invention, the method further includes:

After registering with the system, the user obtains a system user identity and the corresponding access rights, and uses the obtained identity information to log in to the system on the terminal. The client on the terminal collects terminal feature data and synchronizes it to the system, and obtains the various data distributed by the system that are needed for the verification calculation. The system binds the user to the mobile terminal. After binding succeeds, the user sets the verification rules between the access device and the mobile terminal.

The devices scan for and discover each other over short-range wireless and, according to the inter-device verification rules set by the user, including the inter-device verification mode (one-way or two-way device signature verification, or password verification), use the agreed verification algorithm to check whether a discovered device is trusted. The verification algorithm module exists on the system, the terminal and the access device as an upgradable software module.

The user opens the application and requests to log in to the system. If the user chooses to log in by mobile terminal verification, the application sends a login request to the system and, at the same time, sends a login verification request to the discovered and verified mobile terminal nearby, asking the verified mobile terminal to verify the application login. The request message contains the user's login request information.

The system receives the application's login request and, based on the information in the user's login request, performs the authentication and authorization calculation on the system side. It looks up the authentication and authorization calculation result from the bound mobile terminal that corresponds to the current user's login session and compares it with the result computed on the system side to determine whether it is a valid request sent by a valid mobile terminal. If the mobile terminal is valid and the calculation results match, the request sent by the mobile terminal is considered valid and the user is allowed to log in on the access device. If the wait times out, the login request is judged to have failed and an error message is returned to the access device.

The mobile terminal receives the user's login verification request. Depending on the user's local security settings, the mobile terminal can verify the user's identity through its own input methods, including fingerprint recognition, gesture, password and other methods the mobile terminal supports; alternatively, it can approve the request from the verified device directly, without user intervention. It then performs the authentication and authorization calculation using the algorithm agreed with the system and the calculation parameters distributed by the system, and sends the resulting data, together with the login session information, to the system for authentication and authorization. The system authenticates and authorizes based on the data sent by the mobile terminal; if this succeeds, the user is allowed to log in to the application, otherwise the login is refused.

In one embodiment of the application login system and method based on a mobile terminal provided by the present invention, the method further includes:

The authentication and authorization module included in each component authenticates and authorizes the user and the mobile terminal. It exists as a mutually agreed, upgradable module in each component of the system; its specific algorithm and functions can be upgraded and replaced by the update modules of the system, the mobile terminal and the access device, and it is not limited to any particular algorithm.

Specifically, the invention has the following advantages:

No password entry required:

After registering and binding the terminal, the user can log in to an application without entering a password on the access device, such as a computer, and even without entering a user name. The user does not need to remember passwords, which is convenient.

Improved security:

Using the authentication and authorization algorithm, the terminal side and the system side each compute data that can identify the terminal, and the terminal submits its result; the system compares the terminal's data with its own and makes a decision. The user name and password no longer need to be transmitted over the network, which improves security.

To guard against the security problem posed by a lost terminal, the terminal side can additionally verify the terminal's user through the mobile terminal's own input capabilities and verification hardware, including gesture, fingerprint recognition and password entry, further ensuring the user's security.

Meanwhile, the modules responsible for device verification and for user authentication and authorization are upgradable software modules; through software upgrades, different agreed security algorithms can be used, further ensuring security.

Independent channels improve security:

In the traditional model, login and data transfer use the same channel, and both the computer's security and the transmission channel may be at risk. Here the login request and the verification data are separated onto two channels: the data channel of the access device, such as a computer, and the data channel of the mobile terminal, such as a mobile phone. It is difficult to eavesdrop on both channels at once, which further improves security.

Automatic login improves the user experience:

Once the access device (such as a computer) and the mobile terminal (such as a phone or PAD) that have been registered and bound discover each other through automatic inter-device scanning, and verification confirms that they are the devices the user registered and permitted, login can proceed automatically, improving the user's experience of the service.

Brief description of the drawings

The accompanying drawings described here are provided for further understanding of the present invention and form part of this application. The illustrative embodiments of the invention and their description are used to explain the invention and do not unduly limit it. In the drawings:

Fig. 1 is a schematic diagram of the module structure of the system of the present invention.

Fig. 2 is a schematic diagram of the user information mapping associations of the system of the present invention.

Fig. 3 is a schematic flow diagram of user registration and binding in the present invention.

Fig. 4 is a schematic flow diagram of device verification in the present invention.

Fig. 5 is a schematic flow diagram of the logout service in the present invention.

Fig. 6 is a schematic flow diagram of the login service in the present invention.

Detailed description

The present invention is described more fully below with reference to the accompanying drawings, which illustrate exemplary embodiments of the invention.

To achieve the above object, an application login system and method based on a mobile terminal is proposed.

Embodiments of the invention are described below with reference to the accompanying drawings.

The key points in implementing the application login system and method based on a mobile terminal are as follows:

User registration and device binding:

The user registers with the system, and the system assigns user information and permissions. After registration succeeds, the user accesses the system in ad hoc mode from the access device (such as a computer) and from the mobile terminal. The mobile terminal side collects feature information about the user's terminal, comprising hardware feature data and software feature data. Hardware feature data are taken from values in the device that are unique, including hardware information such as the CPU serial number and MAC address of the access host device (such as a computer), and unique data on the mobile terminal such as the SIM card ID, device body code, terminal number or MAC address. Software feature data include the software type and version, the specific key that takes part in the calculation, and the calculation parameters distributed by the system, for example those the system distributes to the user. The system binds the user information to the mobile terminal and, depending on whether the user restricts access devices, optionally also binds the access host device, such as the computer the user uses. When a device requests access to the system, the device login permission, the device feature information and the calculation parameters are verified: these data are processed by the mobile terminal's authentication and authorization function and the result is sent to the system for verification. If verification passes, the device is considered a trusted device of the user and is accepted as representing that user.

Meanwhile, the access device (such as a computer) and the mobile terminal can also each store the other's feature information and verify it automatically when scanning for and discovering the peer device, reducing device connection and verification steps, enabling automatic connection and speeding up data exchange.

Device scanning and verification:

The access device used by the user (such as a computer) and the mobile terminal scan for and discover each other over short-range wireless technology, including Bluetooth, Wi-Fi Direct, NFC or DLNA. After discovery, one-way or two-way device verification is performed according to the settings: for example, the computer verifies whether the phone is the bound phone, or the phone verifies whether the discovered computer is the designated host device. Only devices that pass verification are allowed to exchange data.

Verification methods include computing a hash of the device feature value, or, when the computer requests access to the mobile terminal, having the user enter an access code on the terminal (fingerprint recognition, gesture password or text password) to strengthen access security, after which each side verifies the hash value before the connection is permitted.

Alternatively, automatic calculation and verification can be used: the access device verifies the mobile terminal against the mobile terminal data saved at binding time and connects automatically, without user intervention.

By default, the access device (such as a computer) verifies the mobile terminal in one-way verification mode, so that the user can switch between different access computers to access the system.

As a simple example of a verification algorithm function: HASH(MAC address of the device to be verified + KEY distributed by the system + timestamp + random number, and other parameters).

The device to be verified sends the result computed by the algorithm, along with some of the parameters, such as the MAC address, to the other side in the query session message or an accompanying message, and the other side can verify it using the same algorithm.

The verification module is an upgradable and updatable software module; when needed, the system can update the specific verification algorithm through the upgrade and update module.

User login:

User login comprises the user's login on the host access device and verification by the mobile terminal.

The user starts an application on the host access device, such as a computer, and logs in. The login request is sent both to the system and to the mobile terminal device that has been discovered and verified. The login request message contains the computed feature value of the access host device and, optionally, the user name, information about the application being logged in to, a timestamp and other data. After receiving the user's login request, the system checks whether it is a legitimate login, for example whether the user name exists in the system and belongs to a valid user, or whether the request comes from the access host device the user designated. If the login request is legitimate, the system waits for the result from the mobile terminal; if the login verification request sent to the mobile terminal passes authentication and authorization, login on the access device is allowed.

After receiving the user's login request message, the mobile terminal optionally verifies the user's login request by fingerprint recognition, gesture or access password, to judge that the request is a legitimate access request. Alternatively, according to the user's settings, for example if the user has set that login requests are verified and processed without fingerprint, gesture or password once the terminal has been granted access, it processes the request directly. It then applies the authentication algorithm agreed with the system to the user's login request data and submits the computed data, along with some of the original parameters such as the timestamp and random number, to the system with the request message.

After the system has verified the user's login request and the request has been sent to the mobile terminal, the system waits on the system side for the authentication and authorization result from the user's bound mobile terminal. If the login request data submitted by the user's bound terminal is successfully authenticated within the time limit set by the system, the user is allowed to log in on the access device.

Authentication and authorization:

Authentication and authorization covers the user's devices, including the host access device and the user's terminal device. The specific authentication algorithm exists as an upgradable module; the system can upgrade and replace the authentication and authorization module of each component simply by issuing an upgrade.

After authentication passes, the system can perform authorization by looking up the permissions assigned when the user of the corresponding device registered, and permits the login request the user sent from the access device.

As a simple example, take a specific authentication algorithm A agreed between the terminal and the system. Its input parameters include the user name, the terminal feature information, the Client Key distributed by the system, a timestamp, a random number and so on. The terminal computes a value with the algorithm and submits this value to the system together with the timestamp and the terminal feature value. The system performs the same calculation with the same authentication algorithm and compares the results; if they match, the terminal is considered to have passed authentication.

As another simple example, the algorithm result and some of the parameters can be submitted in the message:

HASH(user name + terminal feature value + Client Key + random number). The system side calculates and compares using the same method. Some of the parameters, such as the Client Key or the terminal feature value, are not transmitted: they were already saved on the system side at registration and binding, and the system can look them up by user name or ID, which strengthens security.

The terminal feature value is a piece of data that uniquely represents the terminal. It can be derived from values that uniquely represent the terminal, such as the MAC address, MSISDN or device body code; these data, alone or in combination, are mapped by a mapping function such as a hash to data that is unique and irreversible.

The authentication algorithm can be continually updated through the upgrade and update module and need not use the hash function above; for example, public/private-key digital signatures can also be used to ensure message security.
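The following Python sketch is an added example, not part of the patent text. It illustrates the device-verification hash and the HASH(user name + terminal feature value + Client Key + random number) authentication described above, with the system side recomputing the value from data stored at binding. Assumptions: HMAC-SHA256 keyed with the Client Key replaces the plain hash over concatenated fields, fields are length-prefixed, the freshness window is 60 seconds, a nonce cache rejects replays, and all names and sample identifiers are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

MAX_SKEW_SECONDS = 60  # assumed freshness window; the page does not give one


def _frame(*parts: bytes) -> bytes:
    """Length-prefix each field so that field boundaries are unambiguous."""
    return b"".join(len(p).to_bytes(4, "big") + p for p in parts)


def terminal_feature_value(mac: str, msisdn: str, body_code: str) -> bytes:
    """Map unique terminal identifiers to one irreversible feature value."""
    return hashlib.sha256(
        _frame(mac.encode(), msisdn.encode(), body_code.encode())).digest()


def compute_proof(client_key, username, feature, session_id, timestamp, nonce):
    """Value both sides compute; HMAC-SHA256 stands in for the page's HASH()."""
    message = _frame(username.encode(), feature, session_id.encode(),
                     str(timestamp).encode(), nonce)
    return hmac.new(client_key, message, hashlib.sha256).digest()


def terminal_response(username, client_key, feature, session_id, now=None):
    """Mobile terminal side: neither the key nor the feature value is sent."""
    timestamp = int(time.time() if now is None else now)
    nonce = secrets.token_bytes(16)
    proof = compute_proof(client_key, username, feature, session_id,
                          timestamp, nonce)
    return {"username": username, "session_id": session_id,
            "timestamp": timestamp, "nonce": nonce.hex(), "proof": proof.hex()}


class Backend:
    """System side: holds what was stored at registration and binding."""

    def __init__(self):
        self._bindings = {}      # username -> (client_key, feature value)
        self._seen_nonces = {}   # (username, nonce) -> timestamp

    def register(self, username: str, feature: bytes) -> bytes:
        client_key = secrets.token_bytes(32)  # the "Client Key" it distributes
        self._bindings[username] = (client_key, feature)
        return client_key

    def verify(self, msg: dict, now=None) -> str:
        now = int(time.time() if now is None else now)
        # Nonces older than the window can be dropped: such messages are stale.
        self._seen_nonces = {k: ts for k, ts in self._seen_nonces.items()
                             if abs(now - ts) <= MAX_SKEW_SECONDS}
        binding = self._bindings.get(msg.get("username"))
        if binding is None:
            return "unknown-user"
        try:
            timestamp = int(msg["timestamp"])
            nonce = bytes.fromhex(msg["nonce"])
            proof = bytes.fromhex(msg["proof"])
            session_id = str(msg["session_id"])
        except (KeyError, TypeError, ValueError):
            return "malformed"
        if abs(now - timestamp) > MAX_SKEW_SECONDS:
            return "stale"
        client_key, feature = binding
        expected = compute_proof(client_key, msg["username"], feature,
                                 session_id, timestamp, nonce)
        if not hmac.compare_digest(expected, proof):  # constant-time compare
            return "bad-proof"
        # Record the nonce only after the proof checks out, so unauthenticated
        # traffic cannot fill the replay cache.
        if (msg["username"], nonce) in self._seen_nonces:
            return "replay"
        self._seen_nonces[(msg["username"], nonce)] = timestamp
        return "ok"


def demo() -> list:
    """Run the exchange on constructed sample identifiers."""
    backend = Backend()
    bound = terminal_feature_value("02:00:00:aa:bb:cc", "+10000000000", "BODY-0001")
    other = terminal_feature_value("02:00:00:aa:bb:cd", "+10000000000", "BODY-0001")
    key = backend.register("alice", bound)
    msg = terminal_response("alice", key, bound, "session-1", now=1_000)
    wrong_device = terminal_response("alice", key, other, "session-2", now=1_000)
    late = terminal_response("alice", key, bound, "session-3", now=1_000)
    return [backend.verify(msg, now=1_010),           # fresh, bound terminal
            backend.verify(msg, now=1_020),           # same message again
            backend.verify(wrong_device, now=1_010),  # unbound feature value
            backend.verify(late, now=2_000)]          # outside the window


if __name__ == "__main__":
    print(demo())
```

Binding the session identifier into the proof ties a terminal's approval to one login attempt on the access device, so a response captured for one session cannot be used to approve another.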

User logout:

The traditional logout modes are manual exit and automatic exit on timeout. In the present invention, the user can still exit manually, that is, actively leave the logged-in state, or be logged out automatically on timeout. In addition, the system supports logout initiated from the access device or the mobile terminal once a time limit is reached after the devices move out of range: when the access device or the mobile terminal finds that the verified peer device has been out of range for longer than a certain time, it can automatically initiate the logout flow, so that the user is logged out automatically after leaving the access device, for example after being away from the computer for a certain time.

Update and upgrade:

Each component of the system includes an update and upgrade module. When the system needs to be upgraded, it notifies each component to upgrade its modules, updating and replacing the software modules of each component, including the authentication and authorization module, to ensure that the software is continually updated and remains secure.

Main functional modules

As shown in Fig. 1, the module structure of the application login system and method based on a mobile terminal comprises three parts: the access device side, the mobile terminal side and the system:

The access device side refers to a device such as a computer that the user uses to access the system. It includes the following modules:

Data module 100: responsible for storing the various data used by the access-device-side application; the data can be held in a database or in files.

Upgrade and update module 101: responsible for querying the software version and, following upgrade instructions from the system side, upgrading and updating the access-device-side application software.

Scan module 102: responsible for scanning, over short-range wireless technologies including Bluetooth, Wi-Fi Direct, Wi-Fi and NFC, for mobile terminals (including phones, PADs and so on) near the access device, such as a computer, obtaining the device list and requesting access.

Device verification module 103: responsible for verifying devices that request access, and permitting devices that satisfy the verification rules to connect and exchange data.

Registration and binding module 104: responsible for user registration initiated at the access device, and for requesting that the system bind the access device to the user.

Login module 105: the module through which the user initiates an application login request on the access device, such as a computer.

Communication module 106: the functional module through which the access device communicates and exchanges data with the system and nearby devices.

The mobile terminal side includes:

Device verification module 107: responsible for verifying devices that request access, and permitting devices that satisfy the verification rules to connect and exchange data.

Upgrade and update module 108: the software update and upgrade module on the mobile terminal side, responsible for querying the software version and, following upgrade instructions from the system side, upgrading and updating the mobile-terminal-side application software.

Scan module 109: responsible for scanning for nearby devices over short-range wireless technologies including Bluetooth, Wi-Fi Direct, Wi-Fi and NFC, obtaining the device list and requesting access.

Authentication and authorization module 110: responsible for initiating authentication and authorization requests from the mobile terminal side to the system.

Registration and binding module 111: responsible for user registration initiated on the mobile terminal side, and for requesting that the system bind the user's mobile terminal device.

Data module 112: responsible for storing the various data used by the mobile-terminal-side application; the data can be held in a database or in files.

Communication module 113: the functional module through which the mobile terminal communicates and exchanges data with the system and nearby devices.

The data transmission channels comprise the data transmission channel 114 used by the access device and the mobile data transmission channel 115 used by the mobile terminal. They include fixed data network and Wi-Fi access, such as a fixed broadband network or access to a fixed broadband network over Wi-Fi, and data transmission over a mobile communication network, such as the data channel of a 3G network.

The system side includes the following functional modules:

Service access interface 116:

The system side provides a data access interface to the access device side, the mobile terminal and third-party applications, which interact with the system through this interface.

Database 117:

The system database, which stores the various business data and provides data access functions.

Business logic module 118:

The business logic module of the system side, which interacts with the other functional modules to complete each business logic flow.

Registration and binding module 119:

Provides the user registration service: allocates accounts and permissions to users, binds the mapping between a user and the user's terminal or access device, and manages users.

Authentication and authorization module 120:

Authenticates and authorizes login requests initiated by users, covering both the user and the terminal, and permits or denies the user's access to the system according to the result.

Management configuration module 121:

The management and configuration module of the system side, used to configure system parameters and manage the system.

Upgrade module 122:

Responsible for upgrading and updating the applications on the access device side and the mobile terminal side; it initiates the upgrade and update of both sides according to system instructions.

OAUTH service 123:

An optional functional module through which the system provides authentication and authorization as an external service to third parties.

System portal 124:

The system provides users with a way to access and use the system: users enter through the portal to use services and manage them.

Fig. 2 is a schematic diagram of the user information mapping association of the system of the present invention.

As shown in the figure, the diagram illustrates how user information is associated with access device information and mobile terminal information.

The user's system account information includes the information needed for the user to log in. In the figure it contains the user ID or user name, the password processed by a hash mapping, and other necessary information about the login account, such as the last login time and the account status.

The user account information is associated with the information of the mobile terminal and the access device through a one-way mapping; that is, user account information and mobile device are in a one-to-one relationship. In the figure, the mapping contains the access device feature information processed by a one-way mapping such as a hash algorithm, the mobile terminal feature information, an indication of the authorization algorithm the system uses, the algorithm parameters allocated by the system such as a specific Key, the allocated ID of the application for the user's current login request, and other extensible mapping information.

Through the one-way mapping, the system can use the authorization algorithm to compute and check the mapped device information and so judge whether the requesting terminal device or access device is trusted, and thus decide whether to allow the user to log in to the application.

Fig. 3 is a schematic flow diagram of user registration and binding in the present invention.

As shown in the figure, the user registration and binding flow comprises the following steps:

Step 1: The user registers on the access device and obtains the account information allocated by the system;

Step 2: The flow depends on whether the user chooses to bind the access device. If the user chooses to bind it, the feature information of the access device side is collected, processed and submitted to the system; the system performs the binding and allocates to the access device the key parameters required by the authentication algorithm, such as the algorithm parameter Key allocated by the system;

Step 3: If the user does not choose to bind the access device information, the flow on the access device side ends;

Step 4: After successful registration, the user logs in to the system on the mobile terminal using the same account information;

Step 5: The feature information of the mobile terminal is collected, processed and submitted to the system; the system performs the binding and allocates to the access device the key parameters required by the authentication algorithm, such as the algorithm parameter Key allocated by the system;

In addition, it should be noted that the user can equally register on the mobile terminal side to obtain user account information and then bind. The flow is the same as this one, except that the device initiating registration is the mobile terminal; the subsequent flow is identical and is not repeated here.

Fig. 4 is a schematic flow diagram of device verification in the present invention.

As shown in the figure, the device verification flow describes one-way or two-way verification between devices, that is, the access device verifies the mobile terminal, or the mobile terminal simultaneously verifies the access device, to determine whether the peer is a bound and trusted device. It comprises the following steps:

Step 1: The user opens the application, and the application scans for nearby devices;

Step 2: If no device is found, scanning continues. If the user's mobile device is found, the user selects the device and initiates a connection; the access device side then saves the connection information of the selected mobile device as the first choice for the next connection;

Step 3: The mobile device receives the connection request initiated by the access device and, according to the connection security settings the user made in advance on the mobile terminal, determines whether the user needs to intervene in the connection process;

Step 4: If user intervention is required, the user approves this connection on the mobile terminal's connection request interface by fingerprint recognition, gesture operation or password input. If the input is correct, the connection succeeds; if it is incorrect, the connection is not allowed and an error message is shown. If no user intervention is required, the connection to the mobile terminal is made automatically;

Step 5: If the connection succeeds, then according to the device verification settings, the devices exchange verification data and perform one-way or two-way verification using the verification algorithm to check whether the peer device is a trusted device;

Step 6: If verification succeeds, the peer device is accepted as a trusted device and further operations such as data transmission are allowed; otherwise this flow ends and an error message is reported.

Fig. 5 is a schematic flow diagram of logout in the present invention.

As shown in the figure, the application logout flow describes the automatic logout of an application the user has logged in to on the access device. It comprises the following steps:

Step 1: The application on the access device checks the logout conditions, which include how long the user has been inactive in the application and whether the terminal device is still within the valid detection range;

Step 2: The access device side detects whether the user's terminal device is within the detection range of the access device. If the mobile terminal is detected to have been out of range for a certain time, the application logs out automatically, without the user performing an explicit manual logout; if it is still within detection range, the range detection continues;

Step 3: The access device checks whether the time the user has been inactive in the application has reached a certain time. If it has, the application logs out automatically, without the user performing an explicit manual logout; if not, it continues to monitor the user's inactive time;

Step 4: If the application on the access device side receives an explicit manual logout request from the user, it logs out; otherwise it continues to check the logout conditions;

Steps 3, 4 and 5 can be checked in parallel, or executed serially without affecting the technical effect of the whole flow.

An example follows to illustrate the flow by which a user uses the mobile-terminal-based application login system and method of the present invention, as shown in Fig. 6. In this embodiment, the business flow comprises the following steps:

As shown in the figure, the login business flow is the flow in which the user of the present invention logs in with the help of a mobile terminal. The user only needs to carry the mobile terminal that was registered and bound in advance and come close to the host device to be logged in to in order to log in quickly. Nearby devices are discovered and identified by short-range wireless technology, preferably Bluetooth; short-range wireless technologies such as WIFI-DIRECT or NFC can also be used.

As shown in the figure, the login business flow of the present invention comprises the following steps:

Step 1: The user starts the application on the access device side. The access device scans and verifies whether a discovered terminal is the mobile terminal the user registered and bound, or the mobile terminal also verifies the access device for two-way verification. If the registered and bound mobile terminal is found, continue with step 2; otherwise report an error message;

Step 2: In the application on the access device side, the user requests to log in to the system by way of mobile terminal verification;

Step 3: The application on the access device side sends the login request to the system and to the verified mobile device;

Step 4: The system receives the login request the user sent from the access device side and waits for the verification result of the corresponding mobile terminal;

Step 5: The mobile terminal receives the login request the user sent from the application device side, computes authentication data using the authentication algorithm, and sends to the system the request message together with the data with which the system side can authenticate the terminal;

Step 6: The system waits for the result submitted by the mobile terminal. If it arrives within the waiting validity period, the system uses the authorization algorithm to determine whether it is a correct request message submitted by a legitimate terminal. If it is, the user on the access device side is allowed to log in; if it is from an illegitimate terminal, login is not allowed; if the wait times out, the login of the user on the access device side is refused;
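As an added illustration (not code from the patent), the following Python example models the Fig. 2 one-way mapping and steps 3 to 6 of the login flow above, including the replay, wrong-Key and timeout outcomes. The patent leaves the algorithm open, so SHA-256 for the one-way mapping, HMAC-SHA256 for the authentication data, the session identifier chosen by the access device, and all class and function names are assumptions.

```python
import hashlib
import hmac
import secrets
import time


def one_way(features: str) -> str:
    """One-way mapping of device feature data (SHA-256 is an assumption)."""
    return hashlib.sha256(features.encode()).hexdigest()


def auth_data(key: bytes, account: str, session: str, terminal_id: str) -> bytes:
    """Authentication data for one login request (HMAC-SHA256 is an assumption)."""
    parts = (account.encode(), session.encode(), terminal_id.encode())
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)  # length-prefixed
    return hmac.new(key, msg, hashlib.sha256).digest()


class BackgroundSystem:
    def __init__(self, wait_seconds: float = 30.0, clock=time.monotonic):
        self.bindings = {}  # account -> (hashed terminal features, allocated Key)
        self.pending = {}   # session -> (account, deadline)
        self.wait_seconds = wait_seconds
        self.clock = clock

    def bind_terminal(self, account: str, features: str) -> bytes:
        """Binding: keep only the hashed features and allocate a Key."""
        key = secrets.token_bytes(32)
        self.bindings[account] = (one_way(features), key)
        return key

    def login_request(self, account: str, session: str) -> None:
        """Step 4: record the access device's request and start waiting."""
        self.pending[session] = (account, self.clock() + self.wait_seconds)

    def terminal_result(self, session: str, terminal_id: str, data: bytes) -> bool:
        """Step 6: compare the terminal's data with the system's own computation."""
        entry = self.pending.pop(session, None)  # single use, so a replay fails
        if entry is None:
            return False
        account, deadline = entry
        if self.clock() > deadline or account not in self.bindings:
            return False
        bound_id, key = self.bindings[account]
        if not hmac.compare_digest(terminal_id.encode(), bound_id.encode()):
            return False
        expected = auth_data(key, account, session, bound_id)
        return hmac.compare_digest(data, expected)


class MobileTerminal:
    def __init__(self, features: str, key: bytes, user_check=lambda: True):
        self.terminal_id = one_way(features)
        self.key = key
        self.user_check = user_check  # fingerprint, gesture, password, or auto-approve

    def on_login_request(self, account: str, session: str):
        """Step 5: verify the user locally, then compute the authentication data."""
        if not self.user_check():
            return None
        return self.terminal_id, auth_data(self.key, account, session, self.terminal_id)


def demo() -> dict:
    now = [0.0]  # fake clock so the timeout case runs instantly
    system = BackgroundSystem(wait_seconds=30.0, clock=lambda: now[0])
    key = system.bind_terminal("alice", "constructed-phone-features")
    phone = MobileTerminal("constructed-phone-features", key)
    rogue = MobileTerminal("constructed-phone-features", secrets.token_bytes(32))
    results = {}

    def attempt(terminal, delay=0.0):
        session = secrets.token_hex(8)          # chosen by the access device
        system.login_request("alice", session)  # step 3, sent to the system
        reply = terminal.on_login_request("alice", session)  # step 3, to the terminal
        now[0] += delay
        ok = reply is not None and system.terminal_result(session, *reply)
        return session, reply, ok

    session, reply, results["bound terminal"] = attempt(phone)
    results["replayed data"] = system.terminal_result(session, *reply)
    results["wrong Key"] = attempt(rogue)[2]
    results["after timeout"] = attempt(phone, delay=31.0)[2]
    return results


if __name__ == "__main__":
    print(demo())
```

Only the bound terminal holding the allocated Key is accepted; a terminal that presents the right feature hash but a different Key, a replay of accepted data, and a late reply are all refused.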

The description of the present invention is given for the sake of example and explanation, and is not exhaustive, nor does it limit the invention to the disclosed form. Many modifications and variations will be obvious to those of ordinary skill in the art. The embodiments were selected and described to better illustrate the principles and practical application of the invention, and to enable those of ordinary skill in the art to understand the invention and design various embodiments with various modifications suited to particular uses.

Claims (8)

1. An application login method based on a mobile terminal, characterized in that the method is based on the following application login system, which comprises three parts, a background system, a mobile terminal and an access device, and the method comprises the following steps:
1) the user registers in the background system, binds the user identity and the mobile terminal, and sets the verification rules among the access device, the mobile terminal and the background system;
2) the user's access device and the user's mobile terminal scan for and discover each other by short-range wireless technology and, according to the authentication mode selected by the user, perform one-way or two-way authentication between the devices;
3) when logging in to the application on the access device, the user selects the mobile terminal verification mode; the application requests login to the system and at the same time initiates a login request to the discovered and authenticated mobile terminal;
4) after receiving the user's login request, the background system computes authentication data in the background system and queries and compares the authentication and authorization data uploaded by the mobile terminal;
5) the mobile terminal receives the user's verification request; after verifying the user identity according to the security settings, the mobile terminal, using the authentication and authorization algorithm agreed with the background system, sends the data that can authenticate the mobile terminal's identity, together with the login request information, to the background system for authentication and authorization;
6) the background system authenticates and authorizes the terminal using the data sent by the mobile terminal; if this passes, the user's application on the access device is allowed to log in.
2. The method as described in claim 1, wherein the user registers in the background system, binds the user identity and the mobile terminal, and sets the verification rules among the access device, the mobile terminal and the background system, characterized in that, after registering in the background system, the user obtains a user identity of the background system and the corresponding access rights, and logs in to the system on the terminal using the obtained user access identity information; the client terminal collects terminal feature data and synchronizes it to the background system, and obtains the various data allocated by the background system that the verification calculation requires; the background system binds the user and the mobile terminal; after successful binding, the user sets the verification rules between the access device and the mobile terminal.
3. The method as described in claim 1, wherein the user's access device and the user's mobile terminal scan for and discover each other by short-range wireless technology and, according to the verification rules set by the user, perform one-way or two-way authentication between the devices, characterized in that the devices scan for each other over short-range wireless and discover devices, and, according to the inter-device verification rules set by the user, which include the inter-device verification mode, including one-way or two-way device signature verification and password verification, verify by the agreed verification algorithm whether a discovered device is trusted; the verification algorithm module exists as an upgradable software module in the background system, the mobile terminal and the access device.
4. The method as described in claim 1, wherein the user selects the mobile terminal verification mode when logging in to the application on the access device, and the application requests login to the system and at the same time initiates a login request to the discovered and authenticated mobile terminal, characterized in that the user opens the application to request login to the system; where the user chooses to log in by mobile terminal verification, the application, while sending a login request to the system, sends a login verification request to the discovered and authenticated mobile terminal device present nearby, requesting login verification from the authenticated mobile terminal; the request message contains the user's login request information.
5. The method as described in claim 1, wherein, after receiving the user's login request, the background system computes authentication and authorization data on the background system side and queries and compares the authentication data uploaded by the mobile terminal, characterized in that the background system receives the application's login request, performs the authentication and authorization calculation in the background system according to the information in the user's login request, queries the authentication and authorization calculation result of the bound mobile terminal corresponding to the current user's login request session, and compares it with the result calculated on the background system side to determine whether it is a valid request sent by a valid mobile terminal; if the mobile terminal is valid and the authentication and authorization calculation results match, the request sent by the mobile terminal is considered valid and the user is allowed to log in on the access device; if the wait times out, this user login request is judged to have failed and an error message is returned to the access device.
6. The method as described in claim 1, wherein the mobile terminal receives the user's verification request and, after verifying the user identity according to the security settings, sends the data that can authenticate the mobile terminal's identity, together with the login request information, to the background system for authorization and authentication according to the authentication and authorization algorithm agreed with the background system, characterized in that the mobile terminal receives the user's login verification request information; according to the user's local security settings, the mobile terminal can verify the user identity through the terminal's own input, including fingerprint recognition, gesture, password and other methods the mobile terminal supports, and can also accept the request information of the authenticated terminal directly without user intervention; it performs the authentication and authorization calculation according to the algorithm agreed with the background system and the calculation parameters allocated by the background system, and sends the data calculated by the mobile terminal's authentication and authorization algorithm, together with the login session information, to the system for authentication and authorization; the background system authorizes and authenticates the data sent by the mobile terminal; if this passes, the user is allowed to log in to the application, otherwise this login is refused.
7. An application login system for performing the method as claimed in claim 1, the system comprising three parts, a background system, a mobile terminal and an access device, characterized in that
the background system mainly comprises:
a registration and binding module, an authentication and authorization module, a data module and an update module, wherein the registration and binding module is responsible for user registration and for binding the user terminal to the user identity;
the authentication and authorization module is responsible for authenticating and authorizing the user identity and the terminal;
the data module is responsible for storing user data and business data;
the update module is responsible for the corresponding software updates and upgrades of the background system, the mobile terminal and the access device side;
the mobile terminal mainly comprises:
a registration and binding module, a scanning and discovery module, a verification module, an authentication and authorization module, a communication module and an update module, wherein:
the registration and binding module is responsible for registering terminal and user information with the background system, which performs the binding; the scanning and discovery module is responsible for scanning for and discovering the user's login device according to short-range wireless protocols, including the Bluetooth, WIFI-DIRECT and NFC short-range wireless technologies; the verification module is responsible for verifying, according to the inter-device verification rules set by the user and the verification algorithm, whether other nearby devices are trusted devices;
the verification module is responsible for verifying, according to the verification algorithm, whether a discovered nearby device is the device the user registered and specified;
the authentication and authorization module is responsible for authenticating and authorizing the user and the device according to the user's access information and the authentication and authorization data calculated by the terminal;
the communication module is responsible for communicating with authenticated devices and for two-way data transmission;
the update module is responsible for interacting with the background system to upgrade and update the terminal-side software;
the access device comprises: an application login module, a scanning and discovery module, a verification module, a communication module and an update module;
wherein the login module is responsible for initiating the login request to the background system and the login verification request to the terminal; the scanning and discovery module is responsible for scanning for mobile terminals near the access device, and mobile terminals near the access device can be scanned; the verification module is responsible for verifying, according to the verification algorithm, whether a discovered nearby mobile terminal is the terminal device the user registered and bound; the communication module is responsible for communicating and transmitting data in both directions with the verified terminal; and the update module is responsible for interacting with the background system to upgrade and update the access-device-side software.
8. The system as claimed in claim 7, characterized in that the authentication and authorization module included in each part authenticates and authorizes the user and the mobile terminal and exists as an upgradable module of each part of the application login system; its specific algorithms and functions can be upgraded and replaced through the update modules of the background system, the mobile terminal and the access device, and it is not limited to a specific algorithm.
CN201410144378.9A 2014-04-11 2014-04-11 A kind of application login system and method based on mobile terminal CN103888265B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410144378.9A CN103888265B (en) 2014-04-11 2014-04-11 A kind of application login system and method based on mobile terminal

Publications (2)

Publication Number Publication Date
CN103888265A CN103888265A (en) 2014-06-25
CN103888265B true CN103888265B (en) 2017-07-25
