Summary of the invention
To this end, the present invention provides a login authentication method, apparatus and system based on gesture recognition, in an effort to solve or at least alleviate at least one of the problems above.
According to one aspect of the invention, there is provided a login authentication method based on gesture recognition. The method is performed in a first server, which can be connected over a network to a mobile terminal, a second server, a third server and an application server, and comprises the steps of: receiving a login request, sent by the application server, in which a user requests to log in to a third-party application, and generating an event identifier, wherein the login request includes authentication information comprising an application identifier, a user identifier and an authentication type, the authentication type being gesture recognition; sending the authentication information to the second server, which returns the user's mobile phone number corresponding to the user identifier; sending a push task to the third server, so that the third server pushes a message instructing display of an authorization interface to the mobile terminal corresponding to the user's mobile phone number; sending the event identifier to the application server, and sending an authentication request containing the authentication information to the mobile terminal; receiving a gesture password sent by the mobile terminal and collected on the authorization interface; and sending authentication information containing the gesture password to the second server, which returns the user identifier and the authentication type, and associating the user identifier, the event identifier and the authentication type, so that the application server can query, by event identifier, the authentication result corresponding to the user identifier.
Optionally, in the login authentication method based on gesture recognition according to the present invention, the authentication information further includes signature information, which is obtained by applying an encryption algorithm to the transmitted data including the application identifier, the user identifier and the authentication type.
Optionally, in the login authentication method based on gesture recognition according to the present invention, the step of sending the authentication information to the second server, which returns the user's mobile phone number corresponding to the user identifier and the authentication type, comprises: sending the authentication information to the second server so that the second server verifies whether the signature information is correct; and, if verification passes, receiving a first verification message sent by the second server, wherein the first verification message includes the user's mobile phone number.
Optionally, in the login authentication method based on gesture recognition according to the present invention, the method further comprises: associating the user's mobile phone number with the event identifier, so as to determine the current user's request type from the event identifier associated with the user's mobile phone number.
Optionally, in the login authentication method based on gesture recognition according to the present invention, the push task includes the request type.
Optionally, in the login authentication method based on gesture recognition according to the present invention, the step of sending authentication information containing the gesture password to the second server, which returns the user identifier, comprises: sending the authentication information containing the gesture password to the second server so that the second server verifies whether the gesture password is correct; and, if verification passes, receiving a second verification message sent by the second server, wherein the second verification message includes the user identifier and the authentication type.
Optionally, in the login authentication method based on gesture recognition according to the present invention, before the step of sending the push task to the third server, the method further comprises: performing push verification on the third server and, if the verification fails, sending a verification failure message to the application server.
According to another aspect of the present invention, a login authentication device based on gesture recognition is provided. The device resides in a first server, which can be connected over a network to a mobile terminal, a second server, a third server and an application server, and comprises: a connection management unit, adapted to receive a login request, sent by the application server, in which a user requests to log in to a third-party application, and a gesture password sent by the mobile terminal and collected on an authorization interface, and further adapted to send authentication information to the second server and receive the user's mobile phone number returned by the second server, to send authentication information containing the gesture password to the second server and receive the user identifier and authentication type returned by the second server, to send an event identifier to the application server, to send an authentication request to the mobile terminal, and to send a push task to the third server so that the third server pushes a message instructing display of the authorization interface to the mobile terminal corresponding to the user's mobile phone number, wherein the login request and the authentication request both contain authentication information comprising an application identifier, a user identifier and an authentication type, the authentication type is gesture recognition, and the user's mobile phone number corresponds to the user identifier; an information generating unit, adapted to generate the event identifier after the login request is received; and an information association unit, adapted to associate the user identifier, the event identifier and the authentication type, so that the application server can query, by event identifier, the authentication result corresponding to the user identifier.
Optionally, in the login authentication device based on gesture recognition according to the present invention, the authentication information further includes signature information, which is obtained by applying an encryption algorithm to the transmitted data including the application identifier, the user identifier and the authentication type.
Optionally, in the login authentication device based on gesture recognition according to the present invention, the connection management unit is further adapted to send the authentication information to the second server, which verifies whether the signature information is correct, and, if verification passes, to receive a first verification message that includes the user's mobile phone number corresponding to the user identifier.
Optionally, in the login authentication device based on gesture recognition according to the present invention, the information association unit is further adapted to associate the user's mobile phone number with the event identifier, so as to determine the current user's request type from the event identifier associated with the user's mobile phone number.
Optionally, in the login authentication device based on gesture recognition according to the present invention, the push task includes the request type.
Optionally, in the login authentication device based on gesture recognition according to the present invention, the connection management unit is further adapted to send the authentication information containing the gesture password to the second server, which verifies whether the gesture password is correct, and, if verification passes, to receive a second verification message that includes the user identifier and the authentication type.
Optionally, the login authentication device based on gesture recognition according to the present invention further comprises: a push verification unit, adapted to perform push verification on the third server before the push task is sent to the third server and, if the verification fails, to send a verification failure message to the application server.
According to another aspect of the present invention, another login authentication method based on gesture recognition is provided. The method is performed in a second server, which can be connected over a network to a mobile terminal, a first server, a third server and an application server, and comprises the steps of: receiving a first verification request sent by the first server, the first verification request including authentication information comprising an application identifier, a user identifier and an authentication type, the authentication information being obtained by the first server from a login request, sent by the application server, in which a user requests to log in to a third-party application, the first server also generating an event identifier associated with the login request; verifying whether the authentication information is correct and, if verification passes, returning the user's mobile phone number corresponding to the user identifier to the first server, so that the first server sends the event identifier to the application server and sends a push task to the third server, the third server pushing a message instructing display of an authorization interface to the mobile terminal corresponding to the user's mobile phone number; receiving a second verification request sent by the first server, the second verification request further containing a gesture password, wherein the first server, after sending an authentication request containing the authentication information to the mobile terminal, receives the gesture password sent by the mobile terminal and collected on the authorization interface, and sends the second verification request; and verifying whether the gesture password is correct and, if verification passes, returning the user identifier and the authentication type to the first server, the first server associating the user identifier, the event identifier and the authentication type, so that the application server can query, by event identifier, the authentication result corresponding to the user identifier.
Optionally, in the login authentication method based on gesture recognition according to the present invention, the authentication information further includes signature information, which is obtained by applying an encryption algorithm to the transmitted data including the application identifier, the user identifier and the authentication type.
Optionally, in the login authentication method based on gesture recognition according to the present invention, the step of verifying whether the authentication information is correct after receiving the first verification request comprises: verifying whether the signature information is correct by means of the encryption algorithm.
Optionally, in the login authentication method based on gesture recognition according to the present invention, the step of verifying whether the gesture password is correct after receiving the second verification request comprises: determining, from the character corresponding to each node of the gesture password and the order in which the gesture passes through the nodes, whether the gesture password is consistent with the user's preset model, and deeming the verification correct if it is consistent.
According to another aspect of the present invention, another login authentication device based on gesture recognition is provided. The device resides in a second server, which can be connected over a network to a mobile terminal, a first server, a third server and an application server, and comprises: a connection management unit, adapted to receive a first verification request sent by the first server, the first verification request including authentication information comprising an application identifier, a user identifier and an authentication type, the authentication information being obtained by the first server from a login request, sent by the application server, in which a user requests to log in to a third-party application, the first server being further adapted to generate an event identifier associated with the login request; adapted, when verification passes, to return the user's mobile phone number to the first server, so that the first server sends the event identifier to the application server and sends a push task to the third server, the third server pushing a message instructing display of an authorization interface to the mobile terminal corresponding to the user's mobile phone number; further adapted to receive a second verification request sent by the first server, the second verification request containing a gesture password, wherein the first server, after sending an authentication request containing the authentication information to the mobile terminal, receives the gesture password sent by the mobile terminal and collected on the authorization interface, and sends the second verification request; and adapted, when verification passes, to return the user identifier and the authentication type to the first server, the first server associating the user identifier, the event identifier and the authentication type, so that the application server can query, by event identifier, the authentication result corresponding to the user identifier; and an information verification unit, adapted to verify whether the authentication information and the gesture password are correct.
Optionally, in the login authentication device based on gesture recognition according to the present invention, the authentication information further includes signature information, which is obtained by applying an encryption algorithm to the transmitted data including the application identifier, the user identifier and the authentication type.
Optionally, in the login authentication device based on gesture recognition according to the present invention, the information verification unit is further adapted to verify whether the signature information is correct by means of the encryption algorithm.
Optionally, in the login authentication device based on gesture recognition according to the present invention, the information verification unit is further adapted to determine, from the character corresponding to each node of the gesture password and the order in which the gesture passes through the nodes, whether the gesture password is consistent with the user's preset model, and to deem the verification correct if it is consistent.
According to another aspect of the present invention, a login authentication system based on gesture recognition is provided, the system comprising: a first server having the login authentication device based on gesture recognition described above; a second server having the login authentication device based on gesture recognition described above; a third server, adapted to push the first server's push messages to the mobile terminal; an application server connected to a third-party application; and a mobile terminal, adapted to parse the push message pushed by the third server, to fetch the authentication request from the first server, and to send the gesture password collected on the authorization interface to the first server.
The login authentication scheme based on gesture recognition according to the present invention ensures the security of the user account through secondary authentication; in particular, when the user needs to complete a sensitive operation such as a payment transaction, the login is authenticated by gesture recognition. Further, the first server and the application server communicate by means of the user identifier, so the first server does not obtain the user's account information in the third-party application, which further safeguards the user's account security.
Detailed description of the embodiments
Exemplary embodiments of the disclosure are described in more detail below with reference to the accompanying drawings. Although the drawings show exemplary embodiments of the disclosure, it should be understood that the disclosure may be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the invention can be understood more thoroughly and so that the scope of the disclosure can be fully conveyed to those skilled in the art.
Fig. 1 is a structural diagram of a mobile terminal 100 according to an embodiment of the invention. With reference to Fig. 1, the mobile terminal 100 includes: a memory interface 102, one or more data processors, image processors and/or central processing units 104, and a peripheral interface 106. The memory interface 102, the one or more processors 104 and/or the peripheral interface 106 may be discrete components or may be integrated into one or more integrated circuits. In the mobile terminal 100, the various elements can be coupled by one or more communication buses or signal lines. Sensors, devices and subsystems can be coupled to the peripheral interface 106 to help implement multiple functions. For example, a motion sensor 110, an optical sensor 112 and a range sensor 114 can be coupled to the peripheral interface 106 to facilitate functions such as orientation, illumination and ranging. Other sensors 116 can likewise be connected to the peripheral interface 106, such as a positioning system (for example a GPS receiver), a temperature sensor, a biometric sensor or other sensing devices, to help implement related functions.
A camera subsystem 120 and an optical sensor 122 can be used to implement camera functions such as recording photographs and video clips, where the camera subsystem and optical sensor may be, for example, a charge-coupled device (CCD) or a complementary metal-oxide-semiconductor (CMOS) optical sensor. Communication functions can be implemented by one or more wireless communication subsystems 124, which can include radio-frequency receivers and transmitters and/or optical (for example infrared) receivers and transmitters. The particular design and implementation of the wireless communication subsystem 124 can depend on the one or more communication networks that the mobile terminal 100 supports. For example, the mobile terminal 100 can include a communication subsystem 124 designed to support GSM networks, GPRS networks, EDGE networks, Wi-Fi or WiMax networks and Bluetooth™ networks. An audio subsystem 126 can be coupled to a speaker 128 and a microphone 130 to help implement voice-enabled functions such as speech recognition, speech reproduction, digital recording and telephony.
An I/O subsystem 140 can include a touch screen controller 142 and/or one or more other input controllers 144. The touch screen controller 142 can be coupled to a touch screen 146. For example, the touch screen 146 and the touch screen controller 142 can detect contact with the screen, and movement or pauses of that contact, using any of a variety of touch-sensing technologies, including but not limited to capacitive, resistive, infrared and surface acoustic wave technologies. The one or more other input controllers 144 can be coupled to other input/control devices 148, such as one or more buttons, rocker switches, thumb wheels, infrared ports, USB ports, and/or pointer devices such as a stylus. The one or more buttons (not shown) can include up/down buttons for controlling the volume of the speaker 128 and/or the microphone 130.
The memory interface 102 can be coupled to a memory 150. The memory 150 can include high-speed random access memory and/or non-volatile memory, such as one or more magnetic disk storage devices, one or more optical storage devices and/or flash memory (for example NAND, NOR). The memory 150 can store an operating system 152, for example Android, iOS or Windows Phone. The operating system 152 can include instructions for handling basic system services and for performing hardware-dependent tasks. The memory 150 can also store applications 154. When running, these applications are loaded from the memory 150 onto the processor 104 and run on top of the operating system already being run by the processor 104, using the interfaces provided by the operating system and the underlying hardware to implement the functions the user wants, such as instant messaging, web browsing and picture management. Applications may be provided independently of the operating system or may be bundled with it.
According to one embodiment of the present invention, a mobile terminal 100 with login authentication based on gesture recognition is provided. The function can be implemented by installing a client application with login authentication based on gesture recognition, which is stored among the applications 154.
Fig. 2 shows a login authentication system 200 based on gesture recognition according to an embodiment of the invention. The system 200 includes the mobile terminal 100, a first server 210, a second server 220, a third server 230 and an application server 240. The servers may be, for example, remote cloud servers physically located at one or more sites, and the above devices are connected to one another over a network. According to one embodiment of the present invention, the above devices can be bound by scanning a QR code. The third server 230 has an APN push module which, for example, includes push support for iOS, Android and Windows Phone; the application server 240 acts as the third-party server and is connected to the third-party application.
The workflow of the login authentication system 200 based on gesture recognition is described in detail below. For example, the user enters an account name and password in the third-party application and, when the user needs to complete a sensitive operation such as payment or verification, selects Confirm, as shown in Fig. 7A. In response to the user's login request, the third-party application generates a login request message, which is sent by the application server 240 to the first server 210. According to an embodiment of the present invention, the login request message includes: an application identifier, a user identifier, an authentication type and signature information. According to one embodiment of the present invention, the application identifier, user identifier and authentication type are collectively referred to as the authentication information. The application identifier uniquely identifies the application. The authentication type determines the type of this login authentication; according to certain embodiments, it may include face recognition, gesture recognition, voiceprint recognition, one-key login and so on, and, at a finer granularity, biometric methods such as iris recognition and fingerprint recognition. In this embodiment of the invention, the authentication type is gesture recognition. The signature information is obtained by applying an encryption algorithm to the transmitted data of the authentication information, including the application identifier, user identifier and authentication type; to ensure secure interaction within the system, every transmission must have signature information computed over it by a specific algorithm and attached to the request. According to one embodiment of the present invention, the signature information is generated as follows: the interface parameters other than the signature information are sorted lexicographically by parameter name and concatenated into a string of the following form:
$parameter_name_1=$parameter_value_1$parameter_name_2=$parameter_value_2...$parameter_name_n=$parameter_value_n$app_key
Here, app_key is used to sign every request, to ensure the security of the data. The concatenated string is then hashed with MD5.
For example, assume that in one interaction the transmitted data are:
$app_id = 'Fqlw4Z2KCqHzvw3YN0eUpM9KgTQ47iWf'; // application identifier
$app_key = 'qms7LwYXgw3FbnVdwYyA'; // application signing key
$uid = '2384249'; // user identifier
$auth_type = '1'; // authentication type; here 1 denotes gesture recognition
Apart from the signature information there are three other parameters: the application identifier app_id, the user identifier uid and the authentication type auth_type. Sorted lexicographically by parameter name, app_id comes first, auth_type second and uid last, so the concatenated string is:
'app_id='.$app_id.'auth_type='.$auth_type.'uid='.$uid.$app_key
The concatenated string is then hashed with MD5 to obtain the signature information:
md5('app_id='.$app_id.'auth_type='.$auth_type.'uid='.$uid.$app_key)
It is worth noting that the application server 240 stores in advance the mapping between the account name in the third-party application (such as username) and the user identifier (such as uid). Thus, after the user enters a username and password in the third-party application, the application server 240 automatically looks up the corresponding user identifier and sends it with the login request message to the first server 210 to complete the subsequent steps. That is, the first server 210 does not obtain the user's account information in the third-party application; the first server 210 and the application server 240 communicate by means of the user identifier, which further safeguards the user's account security.
When the first server 210 receives the login request, it generates an event identifier. The event identifier identifies each request event; according to one embodiment, once the event identifier has been obtained, the event result corresponding to it can be retrieved by calling /v1/event_result.
The first server 210 sends the received authentication information to the second server 220, which verifies whether the authentication information is correct and, if verification passes, sends a first verification message to the first server 210. Here too, the authentication information can carry signature information: the second server 220 applies the same MD5 algorithm to the received authentication information to compute a signature and compares it with the signature it received. If the two signatures match, verification passes, and the second server 220 sends a first verification message containing the user's mobile phone number and the authentication type to the first server 210, the user's mobile phone number corresponding to the user identifier. For example, the user's mobile phone number is combined with the application identifier according to a certain rule to obtain a string, which is the user identifier. The present invention does not restrict the method used to compute the correspondence between the user's mobile phone number and the user identifier.
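The signing rule described above and the second server's recompute-and-compare check, written out in Python as an added example (it is not code from the patent). The function names, the constant-time comparison and the length-prefixed HMAC-SHA256 variant are assumptions added here; the variant shows what the verifier gains from an unambiguous encoding, because the page's format joins name=value pairs without separators.

```python
import hashlib
import hmac

# Values taken from the page's worked example.
APP_KEY = "qms7LwYXgw3FbnVdwYyA"
SAMPLE = {
    "app_id": "Fqlw4Z2KCqHzvw3YN0eUpM9KgTQ47iWf",
    "auth_type": "1",
    "uid": "2384249",
}
# Constructed input: a different parameter set (no uid field at all) that
# flattens to exactly the same string as SAMPLE under the page's format.
FLATTENED_TWIN = {
    "app_id": "Fqlw4Z2KCqHzvw3YN0eUpM9KgTQ47iWf",
    "auth_type": "1uid=2384249",
}


def canonical_string(params, app_key):
    """Page's format: name=value pairs sorted by name, no separators, key appended."""
    return "".join(f"{name}={params[name]}" for name in sorted(params)) + app_key


def sign_md5(params, app_key):
    """Signature as described on the page: MD5 over the canonical string."""
    return hashlib.md5(canonical_string(params, app_key).encode("utf-8")).hexdigest()


def verify_md5(params, signature, app_key):
    """Second-server check: recompute and compare (constant time is an addition)."""
    expected = sign_md5(params, app_key).encode("ascii")
    return hmac.compare_digest(expected, signature.lower().encode("utf-8"))


def sign_hmac(params, app_key):
    """Assumed hardened variant: HMAC-SHA256 over length-prefixed names and values."""
    mac = hmac.new(app_key.encode("utf-8"), digestmod=hashlib.sha256)
    for name in sorted(params):
        for field in (name, str(params[name])):
            raw = field.encode("utf-8")
            # The 4-byte length prefix fixes where each field starts and ends.
            mac.update(len(raw).to_bytes(4, "big") + raw)
    return mac.hexdigest()


def verify_hmac(params, signature, app_key):
    expected = sign_hmac(params, app_key).encode("ascii")
    return hmac.compare_digest(expected, signature.lower().encode("utf-8"))


if __name__ == "__main__":
    sig = sign_md5(SAMPLE, APP_KEY)
    print("canonical string:", canonical_string(SAMPLE, APP_KEY))
    print("md5 signature   :", sig)
    print("valid request   :", verify_md5(SAMPLE, sig, APP_KEY))
    print("uid altered     :", verify_md5({**SAMPLE, "uid": "2384250"}, sig, APP_KEY))
    print("twin, md5 rule  :", verify_md5(FLATTENED_TWIN, sig, APP_KEY))
    print("twin, hmac rule :",
          verify_hmac(FLATTENED_TWIN, sign_hmac(SAMPLE, APP_KEY), APP_KEY))
```

With the page's format, a verifier should also check that exactly the expected parameter names are present before it recomputes the signature.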
After obtaining the user's mobile phone number, the first server 210 does two things. On the one hand, it queries the database for the mobile terminals (mobile phone, Pad, etc.) that are logged in online under that mobile phone number, writes the information of the mobile terminals it finds into a push task, and then sends the push task to the third server 230. For example, if the device IDs of mobile terminals are stored in advance in the first server 210, the device ID of the online mobile terminal can be written into the push task. On the other hand, it associates the user's mobile phone number with the event identifier; as described above, the event identifier can identify the request type of this request event, so the current user's request type can be determined from the association.
According to an embodiment, before sending the push task to the third server 230, the first server 210 performs push verification on the third server to ensure that the subsequent push will succeed. If the verification fails, it sends a verification failure message to the application server 240.
After the third server 230 receives the push task, it pushes the push message to the corresponding mobile terminal 100 through the APN push module. According to one embodiment, there are 3 kinds of push message: verification messages, user gesture change messages and other messages. For the security of pushed data, a push message carries only the push type and no specific data. For example, the type of a push message can be: whether to approve the user's login request, kick the user out to the login page, or display a push message. The present invention does not limit the types of push message, which can be defined according to the needs of the third-party application. As described above, the APN push module includes push support for iOS, Android and Windows Phone; the code for pushing a message is as follows:
iOS:
Android:
// using the Xinge SDK
PushSingleDevice(data.did, msg, xinge.XingeApp.ENV_DEV)
Windows Phone:
import requests
# set the headers for the Windows Phone push message format
headers = {'Content-Type': 'text/xml', 'X-WindowsPhone-Target': 'toast', 'X-NotificationClass': '2'}
headers['Content-Length'] = str(len(msg))  # set the push message length
r = requests.post(data.did, headers=headers, data=msg)  # send the push message
Also, the first server 210 can also send the event identifier to the application server 240. After the mobile terminal 100 receives the above push message, it parses the type of the push message; for example, the current push type may be whether to approve a login. The mobile terminal 100 fetches the authentication request sent by the first server 210 and then displays the authorization interface; the authentication request likewise contains the authentication information. At this point the mobile terminal 100 can display a nine-grid password keypad on the authorization interface, as shown in Fig. 7B, and the user enters the gesture password on it. Optionally, the mobile terminal 100 can require the gesture password entered by the user to connect at least 4 nodes. The user touches the nodes of the nine-grid keypad along a predetermined track, and the touched "buttons" change color; the mobile terminal 100 receives the gesture password entered by the user from the touch screen, records the touch track of the gesture password, and then sends it to the first server 210.
After receiving the gesture password, the first server 210 can send authentication information carrying the gesture password to the second server 220, which verifies whether the gesture password is correct and, if verification passes, sends a second verification message to the first server 210. According to an embodiment of the present invention, each node on the nine-grid keypad is labelled with a corresponding character. The second server 220 determines the character corresponding to each node in the gesture password and the order in which the gesture passes through the nodes, joins the characters in node order to obtain a string, applies a cryptographic operation to the string, and compares the result with the preset model; if they are consistent, the gesture is deemed correct and verification passes. Of course, it is also possible to generate a set of trajectory coordinates by computing the coordinate positions of the selected nodes. This embodiment gives only one example of computing the gesture password track, and the present invention is not limited to it. It should be noted that verification of the gesture password need not be completed in the second server 220: a background server dedicated to gesture recognition and matching, storing the preset templates, can be deployed, and after the second server 220 receives the gesture password it forwards it to that background server, which completes the verification and returns the result to the second server 220. In addition, many relatively mature algorithms for gesture recognition and matching are available for reference, and the present invention does not limit which algorithm is used to verify whether the gesture password is correct.
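One way the second server's check described above could look, as an added Python example rather than code from the patent. The node-to-character table, the PBKDF2 parameters standing in for the unspecified "cryptographic operation", the rule that a node is visited at most once, and the failed-attempt limit are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

NODE_CHARS = "123456789"   # assumed character for each keypad node, row by row
MIN_NODES = 4              # the page: a gesture connects at least 4 nodes
KDF_ROUNDS = 100_000       # assumed PBKDF2 work factor


def pattern_to_string(nodes):
    """Join the characters of the visited nodes in the order they were touched."""
    nodes = list(nodes)
    if len(nodes) < MIN_NODES:
        raise ValueError("gesture connects fewer than 4 nodes")
    if any(not isinstance(n, int) or not 0 <= n < len(NODE_CHARS) for n in nodes):
        raise ValueError("node index outside the nine-grid keypad")
    if len(set(nodes)) != len(nodes):
        raise ValueError("node visited twice")  # assumed rule, not from the page
    return "".join(NODE_CHARS[n] for n in nodes)


def make_template(nodes, salt=None):
    """Preset model stored at enrolment: a salted, slow hash of the node string."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac(
        "sha256", pattern_to_string(nodes).encode("ascii"), salt, KDF_ROUNDS)
    return {"salt": salt, "digest": digest}


def matches(nodes, template):
    """Recompute the hash for a submitted gesture and compare in constant time."""
    try:
        text = pattern_to_string(nodes)
    except ValueError:
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", text.encode("ascii"), template["salt"], KDF_ROUNDS)
    return hmac.compare_digest(digest, template["digest"])


class GestureVerifier:
    """Keeps per-user templates and stops checking after repeated failures."""

    def __init__(self, max_failures=5):
        self.max_failures = max_failures
        self.templates = {}
        self.failures = {}

    def enroll(self, uid, nodes):
        self.templates[uid] = make_template(nodes)
        self.failures[uid] = 0

    def check(self, uid, nodes):
        template = self.templates.get(uid)
        if template is None or self.failures[uid] >= self.max_failures:
            return False
        if matches(nodes, template):
            self.failures[uid] = 0
            return True
        self.failures[uid] += 1
        return False


if __name__ == "__main__":
    verifier = GestureVerifier(max_failures=3)
    verifier.enroll("2384249", [0, 1, 2, 5, 8])            # constructed gesture
    print("correct :", verifier.check("2384249", [0, 1, 2, 5, 8]))
    print("reversed:", verifier.check("2384249", [8, 5, 2, 1, 0]))
    print("short   :", verifier.check("2384249", [0, 1, 2]))
```

The nine-grid keypad allows only a limited number of distinct gestures, which is why the sketch uses a slow salted hash and an attempt limit instead of a single fast digest.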
After the first server 210 receives the returned user identifier, it associates the user identifier with the authentication type to establish a mapping. Based on the earlier description, the user's mobile phone number can be derived from the user identifier, so the first server stores an association table of the user's mobile phone number, the event identifier and the authentication type. At predetermined intervals, the application server 240 can query the first server 210 for the event result by event identifier and obtain the user identifier corresponding to that event result from the mapping between user identifier and event identifier. Because the application server 240 stores in advance the mapping between user identifiers and third-party application account names, the application server 240 finally obtains the result of the current user's login authentication request. At this point, the user's login authentication request is complete.
The gesture-recognition-based login authentication scheme according to the present invention ensures the security of the user account through secondary authentication; in particular, when the user needs to complete a sensitive operation such as a payment transaction, the login is authenticated by means of gesture recognition. Furthermore, the first server and the application server communicate by means of the user identifier, so the first server does not obtain the user's account information in the third-party application, which further protects the security of the user's account.
Fig. 3 shows a flow chart of a login authentication method 300 based on gesture recognition according to an embodiment of the present invention. The method is performed in the first server 210, which can be connected through a network to the mobile terminal 100, the second server 220, the third server 230 and the application server 240. The method starts at step S310: a login request, sent by the application server 240, in which a user requests to log in to a third-party application is received, and an event identifier is generated. The login request contains authentication information comprising an application identifier, a user identifier and an authentication type. According to one embodiment of the present invention, the authentication information also contains signature information; as described with reference to Fig. 2, the signature information is obtained by applying an encryption algorithm to the transmitted data comprising the application identifier, the user identifier and the authentication type. According to an embodiment of the present invention, the authentication type is gesture recognition.
Then, in step S320, the authentication information is sent to the second server 220, the second server 220 returns the user mobile phone number corresponding to the user identifier, and the user mobile phone number is associated with the event identifier, so that the request type of the current user can be determined from the event identifier associated with the user mobile phone number. Specifically, the authentication information is sent to the second server 220 so that the second server 220 verifies whether the signature information is correct; if verification passes, a first verification message sent by the second server 220 is received, the first verification message containing the user mobile phone number.
Then, in step S330, a push task is sent to the third server 230, so that the third server 230 pushes a message instructing display of the authorization interface to the mobile terminal 100 corresponding to the user mobile phone number. According to one embodiment of the present invention, the push task contains the request type. It should be noted that, to ensure the push task can be pushed successfully, the first server 210 may first perform push verification with the third server before sending the push task to the third server 230; if the verification fails, a verification failure message is sent to the application server 240.
Then, in step S340, the event identifier is sent to the application server 240, and an authentication request containing the authentication information is sent to the mobile terminal 100.
Then, in step S350, the gesture password sent by the mobile terminal, which was collected on the authorization interface, is received.
Then, in step S360, the authentication information together with the gesture password is sent to the second server 220, the second server 220 returns the user identifier and the authentication type, and the user identifier, event identifier and authentication type are associated, so that the application server 240 can query the authentication result corresponding to the user identifier according to the event identifier.
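The exchange in steps S310 to S360, sketched in-process as an added example that is not part of the patent. HMAC-SHA256 as the signature, the key and phone tables, and all class and function names are assumptions; the push through the third server is omitted and `gesture_ok` stands in for the template comparison.

```python
import hashlib
import hmac
import secrets

APP_KEYS = {"app-demo": b"constructed-shared-key"}  # assumed per-application key
PHONES = {"user-42": "13800000000"}                 # constructed identifier -> phone table


def sign(app_id, user_id, auth_type):
    """Assumed signature: HMAC-SHA256 over the length-prefixed transmitted fields."""
    fields = [v.encode() for v in (app_id, user_id, auth_type)]
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(APP_KEYS[app_id], msg, hashlib.sha256).hexdigest()


class SecondServer:
    def first_check(self, info):
        """S320: verify the signature and return the user's phone number, or None."""
        if info["app_id"] not in APP_KEYS or info["auth_type"] != "gesture":
            return None
        expected = sign(info["app_id"], info["user_id"], info["auth_type"])
        if not hmac.compare_digest(expected.encode(), info["signature"].encode()):
            return None
        return PHONES.get(info["user_id"])

    def second_check(self, info, gesture_ok):
        """S360: return (user identifier, authentication type) when both checks pass."""
        if self.first_check(info) is None or not gesture_ok:
            return None
        return info["user_id"], info["auth_type"]


class FirstServer:
    def __init__(self, second):
        self.second, self.events = second, {}

    def login_request(self, info):
        """S310-S340: resolve the phone number and issue an unguessable event identifier."""
        phone = self.second.first_check(info)
        if phone is None:
            return None
        event_id = secrets.token_urlsafe(32)
        self.events[event_id] = {"phone": phone, "info": info, "result": None}
        return event_id

    def gesture_received(self, event_id, gesture_ok):
        """S350-S360: forward the gesture result once, then record the association."""
        event = self.events.get(event_id)
        if event is None or event["result"] is not None:
            return False  # unknown event, or the event was already decided
        event["result"] = self.second.second_check(event["info"], gesture_ok) or "denied"
        return event["result"] != "denied"

    def query(self, event_id):
        """Application server poll: None while pending or unknown, else the result."""
        event = self.events.get(event_id)
        return event["result"] if event else None
```

The application server only ever holds the event identifier and the user identifier, so the identifier must be long and random, and each event is decided once so that a replayed gesture message cannot change a recorded result.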
Fig. 4 shows a schematic diagram of a login authentication apparatus 400 based on gesture recognition according to an embodiment of the present invention. The apparatus 400 resides in the first server 210, which can be connected through a network to the mobile terminal 100, the second server 220, the third server 230 and the application server 240. The apparatus comprises a connection management unit 410, an information generation unit 420 and an information association unit 430.
The connection management unit 410 is adapted to receive the login request, sent by the application server 240, in which a user requests to log in to a third-party application. The information generation unit 420 is adapted to generate an event identifier after the login request is received. According to one embodiment of the present invention, the login request contains authentication information comprising an application identifier, a user identifier and an authentication type, and the authentication information also contains signature information, which is obtained by applying an encryption algorithm to the transmitted data comprising the application identifier, the user identifier and the authentication type. According to an embodiment of the present invention, the authentication type is gesture recognition.
The connection management unit 410 is further adapted to send the authentication information to the second server 220, which verifies whether the signature information is correct; if verification passes, the unit receives the first verification message returned by the second server 220, which contains the user mobile phone number corresponding to the user identifier. The information association unit 430 is adapted to associate the user mobile phone number with the event identifier. As explained above, the request type of the current user can be determined from the mapping relation between the user mobile phone number and the event identifier.
The connection management unit 410 then sends a push task to the third server 230, so that the third server 230 pushes a message instructing display of the authorization interface to the mobile terminal 100 corresponding to the user mobile phone number. As described with reference to Fig. 2, the push task contains the request type. According to one embodiment of the present invention, the apparatus 400 may also include a push verification unit, adapted to perform push verification with the third server 230 before the push task is sent to the third server 230 and, if the verification fails, to send a verification failure message to the application server 240. After sending the push task, the connection management unit 410 sends the event identifier to the application server 240 and sends an authentication request to the mobile terminal 100. Likewise, the authentication request also contains the authentication information.
When the connection management unit 410 receives the gesture password sent by the mobile terminal 100 and collected on the authorization interface, it sends the authentication information together with that gesture password to the second server 220 and receives the user identifier and authentication type returned by the second server 220. The information association unit is adapted to associate the user identifier, the event identifier and the authentication type, so that the application server 240 can query the authentication result corresponding to the user identifier according to the event identifier.
Fig. 5 shows a flow chart of a login authentication method 500 based on gesture recognition according to another embodiment of the present invention. The method is performed in the second server 220, which can be connected through a network to the mobile terminal 100, the first server 210, the third server 230 and the application server 240. The method starts at step S510: a first verification request sent by the first server 210 is received. The first verification request contains authentication information comprising an application identifier, a user identifier and an authentication type, and the authentication information is obtained by the first server 210 from the login request, sent by the application server 240, in which a user requests to log in to a third-party application. According to one embodiment, the authentication information also contains signature information, which is obtained by applying an encryption algorithm to the transmitted data comprising the application identifier, the user identifier and the authentication type. According to an embodiment of the present invention, the authentication type is gesture recognition. In addition, the first server 210 also generates an event identifier associated with the login request.
Then, in step S520, it is verified whether the above authentication information is correct; if verification passes, the user mobile phone number corresponding to the user identifier is returned to the first server 210, so that the first server 210 sends the event identifier to the application server 240 and sends a push task to the third server 230, and the third server 230 pushes a message instructing display of the authorization interface to the mobile terminal 100 corresponding to the user mobile phone number. The verification of the authentication information is the same as described with reference to Fig. 2 and is not repeated here.
Then, in step S530, a second verification request sent by the first server 210 is received; the second verification request contains the authentication information and also the gesture password. According to one embodiment, after the first server 210 sends the authentication request containing the authentication information to the mobile terminal 100 and receives the gesture password sent by the mobile terminal 100 and collected on the authorization interface, it sends the above second verification request.
Then, in step S540, it is verified whether the gesture password is correct; if verification passes, the user identifier is returned to the first server 210, and the first server 210 associates the user identifier, the event identifier and the authentication type, so that the application server 240 can query the authentication result corresponding to the user identifier according to the event identifier. Likewise, the step of verifying the gesture password is not described in detail again here.
Fig. 6 shows a schematic diagram of a login authentication apparatus 600 based on gesture recognition according to another embodiment of the present invention. The apparatus resides in the second server 220, which can be connected through a network to the mobile terminal 100, the first server 210, the third server 230 and the application server 240. The apparatus 600 comprises a connection management unit 610 and an information verification unit 620.
The connection management unit 610 is adapted to receive the first verification request sent by the first server 210. The first verification request contains authentication information comprising an application identifier, a user identifier and an authentication type; the authentication information is obtained by the first server from the login request, sent by the application server, in which a user requests to log in to a third-party application, and the first server 210 is further adapted to generate an event identifier associated with the login request.
The information verification unit 620 is adapted to verify whether the above authentication information is correct when the first verification request is received. When verification passes, the connection management unit 610 returns the user mobile phone number to the first server 210, so that the first server 210 sends the event identifier to the application server 240 and sends a push task to the third server 230, and the third server 230 pushes a message instructing display of the authorization interface to the mobile terminal 100 corresponding to the user mobile phone number.
The connection management unit 610 is further adapted to receive the second verification request sent by the first server 210; the second verification request contains the authentication information and the gesture password. According to one embodiment of the present invention, after the first server 210 sends the authentication request containing the authentication information to the mobile terminal 100 and receives the gesture password sent by the mobile terminal 100 and collected on the authorization interface, it sends the above second verification request.
The information verification unit 620 is adapted to verify whether the above gesture password is correct when the second verification request is received. When verification passes, the user identifier and the authentication type (namely gesture recognition) are returned to the first server 210, and the first server 210 associates the user identifier, the event identifier and the authentication type, so that the application server 240 can query the authentication result corresponding to the user identifier according to the event identifier.
According to one embodiment of the present invention, the information verification unit 620 verifies whether the signature information is correct by encrypting the transmitted data comprising the application identifier, the user identifier and the authentication type; if the signature information is correct, the authentication information is correct and verification passes.
In addition, the information verification unit 620 uses a gesture recognition algorithm to compare the received gesture password with the user's preset template, and verification is considered to pass if the comparison is consistent. For a description of the specific algorithm, refer to the part of this specification that describes Fig. 2.
It should be appreciated that, in order to simplify the disclosure and aid understanding of one or more of the various inventive aspects, in the above description of exemplary embodiments of the present invention the features of the invention are sometimes grouped together into a single embodiment, figure, or description thereof. However, the disclosed method should not be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single embodiment disclosed above. Therefore, the claims following the detailed description are hereby expressly incorporated into the detailed description, with each claim standing on its own as a separate embodiment of the present invention.
Those skilled in the art should understand that the modules, units or components of the devices in the examples disclosed herein may be arranged in a device as described in the embodiment, or alternatively may be located in one or more devices different from the device in the example. The modules in the foregoing examples may be combined into one module or may additionally be divided into multiple sub-modules.
Those skilled in the art will appreciate that the modules in the device of an embodiment can be adaptively changed and arranged in one or more devices different from that embodiment. The modules, units or components in an embodiment may be combined into one module, unit or component, and may additionally be divided into multiple sub-modules, sub-units or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings), and all processes or units of any method or device so disclosed, may be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) may be replaced by an alternative feature serving the same, equivalent or similar purpose.
Furthermore, those skilled in the art will appreciate that although some embodiments described herein include some features included in other embodiments but not other features, combinations of features of different embodiments are meant to be within the scope of the invention and to form different embodiments. For example, in the following claims, any of the claimed embodiments can be used in any combination.
Furthermore, some of the embodiments are described herein as methods, or combinations of method elements, that can be implemented by a processor of a computer system or by other means of performing the function. Thus, a processor with the necessary instructions for carrying out such a method or method element forms a means for carrying out the method or method element. Furthermore, an element of an apparatus embodiment described herein is an example of a means for carrying out the function performed by the element for the purpose of carrying out the invention.
As used herein, unless otherwise specified, the use of the ordinal numbers "first", "second", "third" and so on to describe an ordinary object merely indicates that different instances of similar objects are being referred to, and is not intended to imply that the objects so described must have a given order in time, in space, in ranking or in any other manner.
Although the present invention has been described in terms of a limited number of embodiments, those skilled in the art, having the benefit of the above description, will appreciate that other embodiments can be envisaged within the scope of the invention thus described. Additionally, it should be noted that the language used in this specification has been selected primarily for readability and instructional purposes, and not to explain or limit the subject matter of the invention. Therefore, many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the appended claims. With respect to the scope of the present invention, the disclosure made is illustrative and not restrictive, and the scope of the present invention is defined by the appended claims.