CN105530224B - The method and apparatus of terminal authentication - Google Patents


Info

Publication number: CN105530224B
Authority: CN (China)
Prior art keywords: terminal, certification request, user, password, account number
Legal status: Active
Application number: CN201410515825.7A
Other languages: Chinese (zh)
Other versions: CN105530224A (en)
Inventors: 庄永昌, 王建秀
Current Assignee: China Telecom Corp Ltd
Original Assignee: China Telecom Corp Ltd

Abstract

The invention discloses a method and apparatus for terminal authentication, relating to the field of mobile internet technology. The method comprises: receiving a first authentication request sent by a terminal when a user logs in for the first time, the first authentication request carrying a user account, a password and a terminal identifier; determining whether the password is an account password or a temporary password; when the password is an account password, authenticating the terminal according to the user account, account password and terminal identifier carried in the first authentication request, issuing to the terminal, after authentication succeeds, an access token corresponding to the user account and account password, and binding the access token to the terminal identifier; and receiving a second authentication request sent by the terminal when the user logs in again, and authenticating the terminal according to the access token and terminal identifier carried in the second authentication request. Embodiments of the invention can achieve secure, independent authentication of terminals.

Description

Method and apparatus for terminal authentication
Technical field
The present invention relates to the field of mobile internet technology, and in particular to a method and apparatus for terminal authentication.
Background
With the development of internet technology, many users now own several terminals at once, for example a mobile phone, a tablet computer, a TV and a PC. A user may log in to the same service system from multiple terminals, that is, log in to the same service system on different terminals with the same account and password.
In one method and system for unified authentication of multiple terminals, when a gateway receives a terminal's access request to a service platform, the gateway encapsulates a token that it has saved for authentication into the terminal's service access request and forwards the request to the service platform the terminal needs to access. After receiving the service access request, the service platform interacts with an authentication server to complete the authentication process.
In one method and system for unified management of authentication credentials based on a home gateway, when an information terminal performs service authentication, it sends a request to obtain a service credential to the home gateway. The home gateway sends the corresponding service credential to the requesting information terminal, and the information terminal uses the obtained credential to authenticate with an authentication server outside the internal network.
However, in both of the above multi-terminal authentication techniques, it is essentially the gateway or home gateway that logs in to the service system and is authenticated, and then shares the login permission with the terminals. The terminal merely serves as an operation interface in the system and has no independent authentication process.
Summary of the invention
One technical problem to be solved by the embodiments of the invention is to provide a method and apparatus for terminal authentication that achieve independent authentication of terminals.
Another technical problem to be solved by the embodiments of the invention is the security problem of multiple terminals logging in with the same account.
A method of terminal authentication provided by an embodiment of the invention comprises: receiving a first authentication request sent by a terminal when a user logs in for the first time, the first authentication request carrying a user account, a password and a terminal identifier; when the password is an account password, authenticating the terminal according to the user account, account password and terminal identifier carried in the first authentication request, issuing to the terminal, after authentication succeeds, an access token corresponding to the user account and account password, and binding the access token to the terminal identifier; and receiving a second authentication request sent by the terminal when the user logs in again, and authenticating the terminal according to the access token and terminal identifier carried in the second authentication request.
In one embodiment, when the password is a temporary password, the user account, temporary password and terminal identifier in the first authentication request are verified; after verification succeeds, the temporary password in the first authentication request is replaced with the account password, an access token corresponding to the user account and account password is issued to the terminal, and the access token is bound to the terminal identifier.
In one embodiment, the method further comprises: presetting the user account, account password and terminal identifiers, where terminal identifiers can be added or deleted.
In one embodiment, after receiving the second authentication request sent by the terminal when the user logs in again, the method further comprises: determining whether the terminal has login permission; when the terminal does not have login permission, refusing the login; and when the terminal has login permission, performing the operation of authenticating the terminal according to the access token and terminal identifier carried in the second authentication request.
In one embodiment, the method further comprises: managing the login permission of the terminal, the management including cancelling or restoring the login permission of the terminal.
In one embodiment, after authenticating the terminal according to the user account, account password and terminal identifier carried in the first authentication request, the method further comprises: if authentication fails, and the reason for the failure is that the terminal identifier in the first authentication request is not among the preset terminal identifiers, sending an alert message to the terminal.
An apparatus for terminal authentication provided by an embodiment of the invention comprises: a receiving unit, configured to receive a first authentication request sent by a terminal when a user logs in for the first time, the first authentication request carrying a user account, a password and a terminal identifier, and to receive a second authentication request sent by the terminal when the user logs in again and send it to an authentication unit; a judging unit, configured to determine whether the password carried in the first authentication request is an account password or a temporary password, and to send the first authentication request to the authentication unit when the password is an account password; and the authentication unit, configured to authenticate the terminal according to the user account, account password and terminal identifier carried in the first authentication request sent by the judging unit, to issue to the terminal, after authentication succeeds, an access token corresponding to the user account and account password, and to bind the access token to the terminal identifier; and to authenticate the terminal according to the access token and terminal identifier carried in the second authentication request sent by the receiving unit.
In one embodiment, the apparatus further comprises a verification unit. The judging unit is further configured to send the first authentication request to the verification unit when the password is a temporary password. The verification unit is configured to verify the user account, temporary password and terminal identifier in the first authentication request sent by the judging unit, and, after verification succeeds, to replace the temporary password in the first authentication request with the account password and send the request to the authentication unit.
In one embodiment, the apparatus further comprises a setting unit, configured to preset the user account, account password and terminal identifiers and send them to the authentication unit, where terminal identifiers can be added or deleted.
In one embodiment, the receiving unit is further configured, after receiving the second authentication request sent by the terminal when the user logs in again, to determine whether the terminal has login permission; when the terminal does not have login permission, to refuse the login; and when the terminal has login permission, to send the received second authentication request to the authentication unit, so that the authentication unit performs the operation of authenticating the terminal according to the access token and terminal identifier carried in the second authentication request.
In one embodiment, the apparatus further comprises a permission management unit, configured to manage the login permission of the terminal and to send to the receiving unit an instruction to cancel or restore the login permission of the terminal.
In one embodiment, the apparatus further comprises a sending unit, configured to send an alert message to the terminal when the authentication unit's authentication of the terminal according to the user account, account password and terminal identifier carried in the first authentication request fails, and the reason for the failure is that the terminal identifier in the first authentication request is not among the preset terminal identifiers.
The embodiments of the invention propose a new authentication scheme for terminals. When the user logs in for the first time, the user account, password and terminal identifier are used as authentication parameters, and an access token is issued to the user if authentication succeeds. When the user logs in again, the saved access token and the terminal identifier are used as authentication parameters, which gives the terminal an independent authentication process. Because authentication uses the access token in combination with the terminal identifier, another terminal that obtains the access token through a back door still cannot pass authentication, so a secure, independent terminal authentication process is achieved. In addition, the user does not need to enter a password when logging in again, which enables quick login.
The technical solution of the invention is described in further detail below with reference to the drawings and embodiments.
Brief description of the drawings
To explain the technical solutions of the embodiments of the invention or of the prior art more clearly, the drawings needed for the embodiments are briefly described below. The drawings described below are only some embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of one embodiment of the terminal authentication method of the invention;
Fig. 2 is a flowchart of another embodiment of the terminal authentication method of the invention;
Fig. 3 is a structural diagram of one embodiment of the terminal authentication apparatus of the invention;
Fig. 4 is a structural diagram of another embodiment of the terminal authentication apparatus of the invention;
Fig. 5 is a structural diagram of another embodiment of the terminal authentication apparatus of the invention;
Fig. 6 is a structural diagram of another embodiment of the terminal authentication apparatus of the invention;
Fig. 7 is a structural diagram of another embodiment of the terminal authentication apparatus of the invention;
Fig. 8 is a structural diagram of a further embodiment of the terminal authentication apparatus of the invention;
Fig. 9 is a schematic diagram of the network deployment of the invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings. The described embodiments are only some, not all, of the embodiments of the invention. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the invention without creative effort fall within the scope of protection of the invention.
Unless specifically stated otherwise, the relative arrangement of the components and steps, the numerical expressions and the numerical values set forth in these embodiments do not limit the scope of the invention.
It should also be understood that, for ease of description, the parts shown in the drawings are not drawn to actual scale.
Techniques, methods and devices known to a person of ordinary skill in the relevant art may not be discussed in detail, but where appropriate they should be regarded as part of the specification.
In all examples shown and discussed here, any specific value should be interpreted as merely illustrative and not as a limitation. Other examples of the exemplary embodiments may therefore have different values.
Note also that similar reference numerals and letters denote similar items in the following drawings; once an item is defined in one drawing, it need not be discussed further in subsequent drawings.
With the rapid development of mobile internet technology, it is very common for one user to own multiple terminals, all of which need to log in to the same account and be authenticated. For this scenario, unlike the prior-art approach in which a gateway is authenticated and then shares login permission with the terminals, the invention proposes a new technical solution that enables independent authentication of terminals. For a given service platform, the user first needs to register a user account, an account password and the one or more terminals that will use the account. For example, at registration the user can register the terminal identifier (ID) information of several terminals, such as a mobile phone, PC, TV and tablet computer, for the same account.
Fig. 1 is a flowchart of one embodiment of the terminal authentication method of the invention. As shown in Fig. 1, the terminal authentication method provided by this embodiment comprises the following steps:
Step 101: receive a first authentication request sent by the terminal when the user logs in for the first time. The first authentication request carries a user account, a password and a terminal identifier.
Here, the terminal identifier may be, by way of example, an International Mobile Equipment Identity (IMEI), a Mobile Equipment Identifier (MEID), an Integrated Circuit Card Identifier (ICCID), or other information that can identify the terminal.
The password may be an account password or a temporary password. Normally, the account password is registered and used by the user, whereas a temporary password may be used by the user (for example, when the account password has been forgotten) or by other users. When another user is to log in with a temporary password, the user can communicate the preset temporary password to that user by any means, for example by phone, SMS, e-mail or instant messaging.
Step 103: determine whether the password carried in the first authentication request is an account password or a temporary password.
In a specific implementation, the login interface of the service system can provide separate input boxes for the account password and the temporary password; which input box the password in the first authentication request came from determines whether it is an account password or a temporary password. Alternatively, the login interface can provide account and password input boxes together with two function options, password verification and temporary verification: a password carried in a first authentication request under the password verification option is an account password, and a password carried under the temporary verification option is a temporary password. The login interface may take the form of, for example, a portal website. The invention is of course not limited to this.
Step 105: when the password is an account password, authenticate the terminal according to the user account, account password and terminal identifier carried in the first authentication request; after authentication succeeds, issue to the terminal an access token corresponding to the user account and account password, and bind the access token to the terminal identifier.
One way to implement the authentication in this step is as follows. The user account, account password and terminal identifiers are preset, and terminal identifiers can be added or deleted; only a terminal that has been preset has access permission. The user account, account password and terminal identifier carried in the first authentication request are then compared with the stored user account, account password and terminal identifiers. If they match, authentication succeeds; if they do not match, authentication fails. Note that a user account registered in advance may correspond to several terminal identifiers. With A denoting the user account, B the account password and C (C1, C2, C3, etc.) the terminal identifiers, the information registered by the user may include, for example, (A, B, C1), (A, B, C2) and (A, B, C3). In the comparison above, authentication succeeds as long as the user account, account password and terminal identifier carried in the first authentication request match any one of the stored groups.
Step 107: receive a second authentication request sent by the terminal when the user logs in again, and authenticate the terminal according to the access token and terminal identifier carried in the second authentication request.
In this embodiment, when the user logs in for the first time, the user account, password and terminal identifier are used as authentication parameters, and an access token is issued to the user if authentication succeeds. When the user logs in again, the saved access token and the terminal identifier are used as authentication parameters, which gives the terminal an independent authentication process. Because authentication uses the access token in combination with the terminal identifier, another terminal that obtains the access token through a back door cannot pass authentication, so a secure, independent terminal authentication process is achieved. In addition, the user does not need to enter a password when logging in again, which enables quick login.
In practice, other people may need to log in with the user's account. To avoid disclosing the account password, the user can authorize them to log in with a temporary password. The process of authenticating and logging in with a temporary password is described below.
Fig. 2 is a flowchart of another embodiment of the terminal authentication method of the invention. In this embodiment, the user can authorize other people to log in to the user account with a temporary password from a terminal that has not been registered. As shown in Fig. 2, in addition to the steps shown in Fig. 1, the terminal authentication method provided by this embodiment may further include the following step after step 103:
Step 201: when the password is a temporary password, verify the user account, temporary password and terminal identifier in the first authentication request; after verification succeeds, replace the temporary password in the first authentication request with the account password, issue to the terminal an access token corresponding to the user account and account password, and bind the access token to the terminal identifier. This allows other people to log in to the user account with the temporary password.
In a specific application, the user can set the temporary password in advance and add the identifier of the unregistered terminal to the existing registration information, for example by adding a new registration entry (A, B, C4).
After step 201, step 107 can then be executed. That is, after another person has logged in with the temporary password, they can log in to the user account again; the process of logging in again is the same as in the case shown in Fig. 1 and is not repeated here. In addition, the user can set the login permission of the other person's terminal to restrict that person's logins, as described in detail below.
In another embodiment of the terminal authentication method of the invention, after the second authentication request sent by the terminal when the user logs in again is received in step 107, the method further includes determining whether the terminal has login permission. When the terminal does not have login permission, the login is refused. When the terminal has login permission, the operation in step 107 of authenticating the terminal according to the access token and terminal identifier carried in the second authentication request is performed.
This supports the following scenarios. In one scenario, after the user has authorized another person to log in with a temporary password, if the user does not want that person to log in to the user account again, the user can set the login permission for that person's terminal identifier, for example by cancelling the login permission of that terminal. In another scenario, after the user has logged in for the first time with their own terminal C1, terminal C1 may leave the user's control (for example, it is lost). Because no password is needed to log in again, another person could use the user's terminal C1 to log in illegally. The user can then restrict the use of terminal C1 by setting its login permission: the login permission of terminal C1 can be restricted temporarily, permanently, within a specified time period, at a specified geographic location, or at a specified IP address, and the specific restriction can be configured according to the user's needs. When the user needs to log in from terminal C1 again, the login permission of terminal C1 can be restored.
In another embodiment of the terminal authentication method of the invention, after the terminal is authenticated in step 105 shown in Fig. 1 according to the user account, account password and terminal identifier carried in the first authentication request, the method further includes: if authentication fails, and the reason for the failure is that the terminal identifier in the first authentication request is not among the preset terminal identifiers, sending an alert message to the terminal, so that an illegal login by an unauthorized terminal is warned about in real time. Alternatively, the terminal identifier can be added to a preset alert list, so that the user can, as needed, trace illegal logins by unauthorized terminals through the alert list.
In another embodiment of the terminal authentication method of the invention, after the user account, temporary password and terminal identifier in the first authentication request are verified in step 201 shown in Fig. 2, the method further includes: if verification fails, and the reason for the failure is that the terminal identifier in the first authentication request is not among the preset terminal identifiers, sending an alert message to the terminal. This embodiment likewise warns about illegal logins by unauthorized terminals that use a temporary password. As above, the terminal identifier that failed verification can also be added to the preset alert list, so that the user can, as needed, trace illegal logins by unauthorized terminals through the alert list.
In the embodiments above, the terminal authentication method can be executed by a server. Depending on the needs of the actual deployment, one server or several servers can be deployed. When several servers are deployed, each server can perform part of the functions, for example by dividing them into an authentication server and an authorization and permission management server, where steps 101 to 107 can be executed by the authentication server and the verification with the temporary password in step 201 can be executed by the permission management server.
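The flow of steps 101 to 107 and step 201, together with the login-permission and alert-list embodiments, can be modelled as follows. This is an added illustrative sketch, not code from the patent: the class and method names, the PBKDF2 password hashing, the `temporary` request flag (standing in for the login-interface option of step 103) and the hashed server-side token store are assumptions, and the account and terminal values are constructed sample data.

```python
import hashlib
import hmac
import secrets


def _kdf(secret: str, salt: bytes) -> bytes:
    # Assumption: credentials are stored as salted PBKDF2 hashes, not plaintext.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)


def _token_key(token: str) -> bytes:
    # Assumption: only a hash of each access token is kept server-side.
    return hashlib.sha256(token.encode()).digest()


class AuthServer:
    """Illustrative model of the authentication server; all names are hypothetical."""

    def __init__(self):
        self.accounts = {}         # account -> salt, password hashes, terminal IDs
        self.tokens = {}           # hash(token) -> (account, bound terminal ID)
        self.login_denied = set()  # (account, terminal ID) with login permission cancelled
        self.alert_list = []       # (account, terminal ID) of unregistered terminals

    # Preset data: the (A, B, C1), (A, B, C2), ... groups.
    def register(self, account, password, terminal_ids):
        salt = secrets.token_bytes(16)
        self.accounts[account] = {"salt": salt, "pw": _kdf(password, salt),
                                  "temp": None, "terminals": set(terminal_ids)}

    def add_terminal(self, account, terminal_id):
        self.accounts[account]["terminals"].add(terminal_id)

    def set_temp_password(self, account, temp_password):
        acct = self.accounts[account]
        acct["temp"] = _kdf(temp_password, acct["salt"])

    def set_login_permission(self, account, terminal_id, allowed):
        if allowed:
            self.login_denied.discard((account, terminal_id))
        else:
            self.login_denied.add((account, terminal_id))

    # First authentication request (steps 101-105, and step 201 when temporary=True).
    def first_auth(self, account, password, terminal_id, temporary=False):
        acct = self.accounts.get(account)
        if acct is None:
            return None
        if terminal_id not in acct["terminals"]:
            # Failure caused by a terminal ID that was never preset: keep it for tracing.
            self.alert_list.append((account, terminal_id))
            return None
        expected = acct["temp"] if temporary else acct["pw"]
        supplied = _kdf(password, acct["salt"])
        if expected is None or not hmac.compare_digest(expected, supplied):
            return None
        # Either password kind ends here: issue a token and bind it to this terminal.
        token = secrets.token_urlsafe(32)
        self.tokens[_token_key(token)] = (account, terminal_id)
        return token

    # Second authentication request (step 107): token plus terminal ID, no password.
    def second_auth(self, token, terminal_id):
        record = self.tokens.get(_token_key(token))
        if record is None:
            return False
        account, bound_terminal = record
        if (account, bound_terminal) in self.login_denied:
            return False  # login permission for this terminal has been cancelled
        # The token is only valid when presented by the terminal it was bound to.
        return hmac.compare_digest(bound_terminal.encode(), terminal_id.encode())


def demo():
    """Run the scenarios from the description on constructed sample data."""
    srv = AuthServer()
    srv.register("A", "B-account-password", {"C1", "C2"})
    token = srv.first_auth("A", "B-account-password", "C1")
    out = {
        "relogin_on_C1": srv.second_auth(token, "C1"),
        "token_replayed_from_C2": srv.second_auth(token, "C2"),
        "unregistered_C9": srv.first_auth("A", "B-account-password", "C9"),
    }
    # Guest terminal C4: the owner presets a temporary password and adds C4.
    srv.set_temp_password("A", "temp-1234")
    srv.add_terminal("A", "C4")
    guest = srv.first_auth("A", "temp-1234", "C4", temporary=True)
    out["guest_relogin"] = srv.second_auth(guest, "C4")
    srv.set_login_permission("A", "C4", False)
    out["guest_after_cancel"] = srv.second_auth(guest, "C4")
    out["alerts"] = list(srv.alert_list)
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The binding only helps if the terminal identifier is hard for another device to learn or forge; an identifier sent as a plain request field, as here, is checked but not proven.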
The embodiments in this specification are described progressively: each embodiment focuses on its differences from the others, and the same or similar parts of the embodiments can be cross-referenced. Because the apparatus embodiments correspond substantially to the method embodiments, they are described more briefly; for relevant points, refer to the corresponding description of the method embodiments.
Fig. 3 is a structural diagram of one embodiment of the terminal authentication apparatus of the invention. The terminal authentication apparatus provided by this embodiment can be used to implement the method provided by the embodiments above. As shown in Fig. 3, it comprises a receiving unit 301, a judging unit 302 connected to the receiving unit, and an authentication unit 303 connected to the receiving unit 301 and the judging unit 302 respectively, wherein:
The receiving unit 301 is configured to receive a first authentication request sent by the terminal when the user logs in for the first time, the first authentication request carrying a user account, a password and a terminal identifier, and to receive a second authentication request sent by the terminal when the user logs in again and send it to the authentication unit 303.
The judging unit 302 is configured to determine whether the password carried in the first authentication request is an account password or a temporary password, and to send the first authentication request to the authentication unit 303 when the password is an account password.
The authentication unit 303 is configured to authenticate the terminal according to the user account, account password and terminal identifier carried in the first authentication request, to issue to the terminal, after authentication succeeds, an access token corresponding to the user account and account password, and to bind the access token to the terminal identifier; and to authenticate the terminal according to the access token and terminal identifier carried in the second authentication request sent by the receiving unit 301.
In this embodiment, when the user logs in for the first time, the user account, password and terminal identifier are used as authentication parameters, and an access token is issued to the user if authentication succeeds. When the user logs in again, the saved access token and the terminal identifier are used as authentication parameters, which gives the terminal an independent authentication process. Because authentication uses the access token in combination with the terminal identifier, another terminal that obtains the access token through a back door cannot pass authentication, so a secure, independent terminal authentication process is achieved. In addition, the user does not need to enter a password when logging in again, which enables quick login.
Fig. 4 is a structural diagram of another embodiment of the terminal authentication apparatus of the invention. In this embodiment, the judging unit 302 is further configured to send the first authentication request to a verification unit 401 when the password is a temporary password. Accordingly, the apparatus of this embodiment further comprises:
The verification unit 401, configured to verify the user account, temporary password and terminal identifier in the first authentication request sent by the judging unit 302, and, after verification succeeds, to replace the temporary password in the first authentication request with the account password and send the request to the authentication unit 303.
Fig. 5 is a structural diagram of another embodiment of the terminal authentication apparatus of the invention. Compared with the embodiment shown in Fig. 3, this embodiment may further comprise:
A setting unit 501, configured to preset the user account, account password and terminal identifiers and send them to the authentication unit 303. Here, terminal identifiers can be added or deleted.
Fig. 6 is a structural diagram of another embodiment of the terminal authentication apparatus of the invention. Compared with the embodiment shown in Fig. 3, this embodiment may further comprise a permission management unit 601, configured to send to the receiving unit 301 an instruction to cancel or restore the login permission of the terminal.
Fig. 7 is a structural diagram of another embodiment of the terminal authentication apparatus of the invention. Compared with the embodiment shown in Fig. 4, this embodiment may further comprise a permission management unit 601, configured to manage the login permission of the terminal and to send to the receiving unit 301 an instruction to cancel or restore the login permission of the terminal.
In one embodiment, referring to Fig. 6 or Fig. 7, the receiving unit 301 is further configured, after receiving the second authentication request sent by the terminal when the user logs in again, to determine whether the terminal has login permission; when the terminal does not have login permission, to refuse the login; and when the terminal has login permission, to send the received second authentication request to the authentication unit 303, so that the authentication unit 303 performs the operation of authenticating the terminal according to the access token and terminal identifier carried in the second authentication request.
Note that in a specific implementation the user can designate one terminal as a super terminal at registration. The super terminal can log in to the user account and can access the permission management unit of the apparatus above, and through it manage the permissions of the other registered terminals or add new terminal identifier information.
Fig. 8 is a structural diagram of a further embodiment of the terminal authentication apparatus of the invention. Compared with the embodiment shown in Fig. 3, this embodiment may further comprise a sending unit 801, configured to send an alert message to the terminal when the authentication unit 303's authentication of the terminal according to the user account, account password and terminal identifier carried in the first authentication request fails, and the reason for the failure is that the terminal identifier in the first authentication request is not among the preset terminal identifiers. Alternatively, the terminal identifier that failed authentication can be sent to an alarm unit, so that the user can, as needed, trace illegal logins by unauthorized terminals through the alarm unit. Accordingly, this embodiment may further comprise an alarm unit, configured to receive the terminal identifier sent by the sending unit 801 and save it to the alert list.
In one embodiment, the sending unit 801 is further configured to send an alert message to the terminal when the verification unit 401's verification of the user account, temporary password and terminal identifier in the first authentication request fails, and the reason for the failure is that the terminal identifier in the first authentication request is not among the preset terminal identifiers. Alternatively, the terminal identifier that failed authentication can be sent to an alarm unit, so that the user can, as needed, trace illegal logins by unauthorized terminals through the alarm unit. Accordingly, this embodiment may further comprise an alarm unit, configured to receive the terminal identifier sent by the sending unit 801 and save it to the alert list.
The functions realized by the devices of the above embodiments are not limited to being realized by a single device; they can also be realized by two or more independent devices. For example, the functions of the receiving unit, judging unit and authentication unit can be realized by one hardware device, such as an authentication server, while the functions of the verification unit and the rights management unit can be realized by another hardware device, such as an authorization permission server. Fig. 9 is a schematic diagram of a network deployment of the present invention. Each terminal in Fig. 9 has different permissions, as shown in Table 1, where Y indicates that the terminal has the permission and N indicates that it does not. The super terminal can gain access with the account password and has management permission, while the other terminals do not have management permission. Terminal 1 can gain access with the account password. For terminal 2, the super terminal has accessed the authorization and permission management server and set the login permission of terminal 2, and a corresponding login-permission restriction instruction has been sent to the authentication server; therefore, terminal 2 cannot gain access with the account password. Terminal 3 can gain access with a temporary password; for the detailed process, refer to the flow shown in Fig. 2.
Table 1
In the embodiments of the present invention, when the user logs in for the first time, the user account, password and terminal identifier are used as the authentication parameters, and an access token is issued to the user if authentication succeeds. When the user logs in again, the saved access token and the terminal identifier are used as the authentication parameters, which realizes an independent authentication process for the terminal. Moreover, because authentication uses the access token in combination with the terminal identifier, another terminal cannot pass authentication even if it obtains the access token through a back door, so a secure independent terminal authentication process is realized. In addition, the user does not need to enter a password when logging in again, which enables quick login.
In addition, the present invention also has the following advantages:
1. When it is inconvenient for the user to log in to the account, the user can authorize others to log in using a temporary password, which avoids disclosing the user's account password.
2. For terminals that are outside the user's control, the user can set the login permission of the terminal.
3. Illegal login attempts by unauthorized terminals trigger an alert.
The description of the present invention is given for the purposes of illustration and description, and is not intended to be exhaustive or to limit the invention to the disclosed form. Many modifications and variations will be obvious to those of ordinary skill in the art. The embodiments were selected and described in order to better explain the principles and practical application of the invention, and to enable those of ordinary skill in the art to understand the invention and design various embodiments, with various modifications, suited to particular uses.
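The flow summarized above (first login with account, password and terminal identifier; token bound to the terminal identifier; password-free second login; login-permission control; alert list) can be sketched as follows. This is an added Python example, not code from the patent; the class and method names, the PBKDF2 hashing, the single-account model, and the one-time, terminal-bound temporary password recognised by hash match are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class AuthServer:
    def __init__(self, account, password, terminals):
        self.account = account
        self.salt = secrets.token_bytes(16)
        self.pw_hash = _kdf(password, self.salt)
        self.terminals = set(terminals)  # preset terminal identifiers
        self.revoked = set()             # login permission cancelled
        self.temp = {}                   # terminal_id -> hash of temporary password
        self.tokens = {}                 # sha256(token) -> bound terminal_id
        self.alerts = []                 # alert list of unregistered terminal ids

    def grant_temp(self, terminal_id):
        """Assumption: a temporary password is one-time and tied to one terminal."""
        temp = secrets.token_urlsafe(8)
        self.terminals.add(terminal_id)
        self.temp[terminal_id] = _kdf(temp, self.salt)
        return temp

    def set_permission(self, terminal_id, allowed):
        """Rights management: restore (True) or cancel (False) login permission."""
        if allowed:
            self.revoked.discard(terminal_id)
        else:
            self.revoked.add(terminal_id)

    def first_login(self, account, password, terminal_id):
        """First request: account + password + terminal id -> token or None."""
        if terminal_id not in self.terminals:
            self.alerts.append(terminal_id)  # unregistered terminal: record it
            return None
        if account != self.account or terminal_id in self.revoked:
            return None
        candidate = _kdf(password, self.salt)
        temp_hash = self.temp.get(terminal_id)
        if temp_hash and hmac.compare_digest(candidate, temp_hash):
            del self.temp[terminal_id]       # temporary password is spent
        elif not hmac.compare_digest(candidate, self.pw_hash):
            return None
        token = secrets.token_urlsafe(32)
        # Store only a hash of the token, bound to the terminal identifier.
        self.tokens[hashlib.sha256(token.encode()).hexdigest()] = terminal_id
        return token

    def second_login(self, token, terminal_id):
        """Second request: token + terminal id, no password needed."""
        if terminal_id in self.revoked:
            return False
        bound = self.tokens.get(hashlib.sha256(token.encode()).hexdigest())
        return bound is not None and bound == terminal_id


if __name__ == "__main__":
    # Constructed sample values.
    srv = AuthServer("alice", "constructed-password", {"terminal-1"})
    tok = srv.first_login("alice", "constructed-password", "terminal-1")
    print(srv.second_login(tok, "terminal-1"), srv.second_login(tok, "terminal-9"))
```

A token copied to a different terminal fails `second_login` because the stored binding does not match the presented terminal identifier, which is the property the description relies on.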

Claims (12)

1. A method of terminal authentication, characterized by comprising:
receiving a first authentication request sent by a terminal when a user logs in for the first time, the first authentication request carrying a user account, a password and a terminal identifier;
judging whether the password carried in the first authentication request is an account password or a temporary password;
when the password is an account password, authenticating the terminal according to the user account, account password and terminal identifier carried in the first authentication request, issuing to the terminal, after authentication passes, an access token corresponding to the user account and account password, and binding the access token to the terminal identifier;
receiving a second authentication request sent by the terminal when the user logs in again, and authenticating the terminal according to the access token and terminal identifier carried in the second authentication request.
2. The method according to claim 1, characterized in that:
when the password is a temporary password, the user account, temporary password and terminal identifier in the first authentication request are verified; after verification passes, the temporary password in the first authentication request is replaced with the account password, an access token corresponding to the user account and account password is issued to the terminal, and the access token is bound to the terminal identifier.
3. The method according to claim 1, characterized by further comprising:
presetting the user account, account password and terminal identifier, wherein the terminal identifier can be added or deleted.
4. The method according to claim 1 or 2, characterized in that, after receiving the second authentication request sent by the terminal when the user logs in again, the method further comprises:
judging whether the terminal has login permission;
when the terminal does not have login permission, refusing the login;
when the terminal has login permission, performing the operation of authenticating the terminal according to the access token and terminal identifier carried in the second authentication request.
5. The method according to claim 4, characterized by further comprising:
managing the login permission of the terminal, the managing including cancelling or restoring the login permission of the terminal.
6. The method according to claim 1, characterized in that, after authenticating the terminal according to the user account, account password and terminal identifier carried in the first authentication request, the method further comprises:
if authentication does not pass, and the reason for the failure is that the terminal identifier in the first authentication request is not among the preset terminal identifiers, sending an alert message to the terminal.
7. A device for terminal authentication, characterized by comprising:
a receiving unit, configured to receive a first authentication request sent by a terminal when a user logs in for the first time, the first authentication request carrying a user account, a password and a terminal identifier; and to receive a second authentication request sent by the terminal when the user logs in again and send it to an authentication unit;
a judging unit, configured to judge whether the password carried in the first authentication request is an account password or a temporary password, and to send the first authentication request to the authentication unit when the password is an account password;
the authentication unit, configured to authenticate the terminal according to the user account, account password and terminal identifier carried in the first authentication request, to issue to the terminal, after authentication passes, an access token corresponding to the user account and account password, and to bind the access token to the terminal identifier; and to authenticate the terminal according to the access token and terminal identifier carried in the second authentication request sent by the receiving unit.
8. The device according to claim 7, characterized in that the device further comprises a verification unit;
the judging unit is further configured to send the first authentication request to the verification unit when the password is a temporary password;
the verification unit is configured to verify the user account, temporary password and terminal identifier in the first authentication request sent by the judging unit, to replace the temporary password in the first authentication request with the account password after verification passes, to issue to the terminal an access token corresponding to the user account and account password, and to bind the access token to the terminal identifier.
9. The device according to claim 7, characterized by further comprising:
a setting unit, configured to preset the user account, account password and terminal identifier and send them to the authentication unit, wherein the terminal identifier can be added or deleted.
10. The device according to claim 7 or 8, characterized in that the receiving unit is further configured to judge, after receiving the second authentication request sent by the terminal when the user logs in again, whether the terminal has login permission; to refuse the login when the terminal does not have login permission; and, when the terminal has login permission, to send the received second authentication request to the authentication unit, so that the authentication unit performs the operation of authenticating the terminal according to the access token and terminal identifier carried in the second authentication request.
11. The device according to claim 10, characterized by further comprising:
a rights management unit, configured to manage the login permission of the terminal and to send to the receiving unit an instruction to cancel or restore the login permission of the terminal.
12. The device according to claim 7, characterized by further comprising:
a transmission unit, configured to send an alert message to the terminal when the authentication unit fails to authenticate the terminal according to the user account, account password and terminal identifier carried in the first authentication request, and the reason for the failure is that the terminal identifier in the first authentication request is not among the preset terminal identifiers.
CN201410515825.7A 2014-09-30 2014-09-30 The method and apparatus of terminal authentication Active CN105530224B (en)


Publications (2)

Publication Number Publication Date
CN105530224A CN105530224A (en) 2016-04-27
CN105530224B true CN105530224B (en) 2019-01-25

Family

ID=55772211

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410515825.7A Active CN105530224B (en) 2014-09-30 2014-09-30 The method and apparatus of terminal authentication

Country Status (1)

Country Link
CN (1) CN105530224B (en)


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant