CN105812138A - Logging-in processing method, processing device, user terminal, and logging-in system - Google Patents

Logging-in processing method, processing device, user terminal, and logging-in system Download PDF

Info

Publication number
CN105812138A
CN105812138A CN201410849669.8A CN201410849669A CN105812138A CN 105812138 A CN105812138 A CN 105812138A CN 201410849669 A CN201410849669 A CN 201410849669A CN 105812138 A CN105812138 A CN 105812138A
Authority
CN
China
Prior art keywords
authentication
application client
client
verification
identity information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201410849669.8A
Other languages
Chinese (zh)
Other versions
CN105812138B (en
Inventor
陈智勇
谢永方
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CN201410849669.8A priority Critical patent/CN105812138B/en
Publication of CN105812138A publication Critical patent/CN105812138A/en
Application granted granted Critical
Publication of CN105812138B publication Critical patent/CN105812138B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Information Transfer Between Computers (AREA)

Abstract

The invention provides a logging-in processing method, a processing device, a user terminal, and a logging-in system. The logging-in processing method is characterized in that a verification device is used to receive a user identity information corresponding to a user terminal transmitted by an authentication client and an authentication state of a user terminal; the verification device is used to receive the registration request transmitted by an application client; the verification device is used to verify the application client according to the attribute information, and after the verification is passed, the successful registration information can be transmitted to the application client, and then the application client can be notified to log in; the verification device is used to transmit the authentication state and the user identity information after receiving the logging-in information transmitted by the application client, and then after the successful authentication is confirmed, the application client is used to transmit the successful logging-in information comprising the user identity information to an application server to log in the application server, and therefore the load of the authentication server can be reduced.

Description

Login processing method and device, user terminal and login system
Technical Field
The embodiment of the invention relates to a communication technology, in particular to a login processing method, a login processing device, a user terminal and a login system.
Background
Single Sign On (SSO) is a solution for integrating business of enterprises that users can access all mutually trusted application systems only by logging on one system once in a plurality of application systems, such as a microblog system, a mail system, a panning system, a wechat system, etc.
Fig. 1 is a schematic view of an application scenario of a single sign-on method in the prior art. As shown in fig. 1, the scenario includes an authentication server 1, an application server 2, an authentication client 3, and an application client 4, where the authentication client 3 and the application client 4 are located in the same user terminal. The authentication client 3 sends the user identity information of the user terminal to the authentication server 1, the authentication server 1 compares the user identity information with a user information base, login authentication is carried out on the user, after the authentication is successful, the authentication service 1 generates a uniform authentication mark (token) and sends the token to the authentication client 3, the authentication client 3 sends the token to the application client 4, when the application client 4 logs in, the token is sent to the application server 2, the application server 2 sends the token to the authentication server, the authentication server 2 checks and identifies the sent token, after the check is passed, the authentication result is sent to the application server 2, and the application server 2 sends the authentication result to the application client 4.
However, since a plurality of application clients exist in one user terminal, when each application client logs in, a token needs to be checked in the authentication server, so that the load of the authentication server is large, and the authentication speed is slow.
Disclosure of Invention
The embodiment of the invention provides a login processing method, a login processing device, a user terminal and a login system, which effectively reduce the workload of an authentication server, thereby reducing the load of the authentication server and accelerating the speed of single sign-on authentication.
A first aspect of an embodiment of the present invention provides a login processing method, where the login processing method is applied to a verification apparatus, and the verification apparatus, an authentication client, and an application client are located in a same user terminal, where the login processing method includes:
the verification device receives user identity information corresponding to the user terminal and an authentication state of the user terminal, which are sent by the authentication client, wherein the authentication state indicates a result of authentication of the user identity information by the authentication server;
the verification device receives a registration request sent by the application client; wherein the registration request includes attribute information of the application client;
the verifying device verifies the application client according to the attribute information and sends a registration success message to the application client after the verification is passed so as to inform the application client to log in;
and after receiving the login message sent by the application client, the verification device sends the authentication state and the user identity information to the application client, so that the application client sends a login success message comprising the user identity information to an application server to log in the application server after confirming that the authentication is passed.
In a first possible implementation manner of the first aspect, the verifying, by the verifying device, the verifying the application client according to the attribute information specifically includes:
the checking device inquires the mapping relation between the checking mode and the attribute information and acquires the checking mode corresponding to the attribute information of the application client; the mapping relation is obtained from an authentication server through an authentication client;
and the verifying device verifies the application client according to the verifying mode corresponding to the attribute information of the application client.
With reference to the first possible implementation manner of the first aspect, in a second possible implementation manner of the first aspect, the attribute information is a message digest algorithm MD5 value, a process name, or signature information of a process.
A second aspect of the embodiments of the present invention provides a login processing method, where the login processing method is applied to an authentication client, and the authentication client, a verification device, and an application client are located in a same user terminal, including:
the authentication client sends user identity information corresponding to the user terminal to an authentication server so that the authentication server authenticates the user identity information;
the authentication client receives an authentication state of the user terminal sent by the authentication server, wherein the authentication state indicates a result of the authentication server authenticating the user identity information;
and the authentication client sends the user identity information and the authentication state to a verification device, so that the verification device sends the user identity information and the authentication state to the application client after the application client is verified by the verification device.
In a first possible implementation manner of the second aspect, after the authenticating client receives the authentication status of the user terminal sent by the authentication server, the method further includes:
the authentication client acquires a mapping relation between a verification mode and attribute information from an authentication server;
and the authentication client sends the mapping relation between the checking mode and the attribute information to the checking device so that the checking device checks the application client according to the checking mode corresponding to the attribute information of the application client.
With reference to the first possible implementation manner of the second aspect, in a second possible implementation manner of the second aspect, the attribute information is a message digest algorithm MD5 value, a process name, or signature information of a process.
A third aspect of the embodiments of the present invention provides a login processing apparatus, including:
the receiving module is used for receiving user identity information corresponding to the user terminal and sent by the authentication client and the authentication state of the user terminal; the authentication state indicates the result of the authentication of the user identity information by the authentication server;
the receiving module is further used for receiving a registration request sent by the application client; wherein the registration request includes attribute information of the application client;
the verification module is used for verifying the application client according to the attribute information and triggering the sending module to send a registration success message to the application client after the verification is passed so as to log in the application client;
the receiving module is further configured to receive a login message sent by the application client;
the sending module is further configured to send the authentication status and the user identity information to the application client, so that the application client sends a login success message including the user identity information to an application server to log in the application server after confirming that the authentication is passed.
In a first possible implementation manner of the third aspect, the checking module includes a querying unit and a processing unit;
the query unit is used for querying the mapping relation between the verification mode and the attribute information and acquiring the verification mode corresponding to the attribute information of the application client; the mapping relation is obtained from an authentication server through an authentication client;
and the processing unit is used for verifying the application client according to the verification mode corresponding to the attribute information of the application client.
A fourth aspect of the present invention provides a login processing apparatus, including: the system comprises a sending module, a receiving module and an authentication module; wherein,
the authentication module sends user identity information corresponding to a user terminal to an authentication server through the sending module so that the authentication server authenticates the user identity information;
the authentication module receives the authentication state of the user terminal sent by the authentication server through the receiving module, wherein the authentication state indicates the result of the authentication server for authenticating the user identity information;
the authentication module further sends the user identity information and the authentication state to the verification device through the sending module, so that the verification device sends the user identity information and the authentication state to the application client after the verification of the application client is passed.
In a first possible implementation manner of the fourth aspect, the authentication module further obtains, by the receiving module, a mapping relationship between the verification manner and the attribute information from an authentication server;
the authentication module further sends the mapping relation between the verification mode and the attribute information to a verification device through the sending module, so that the verification device verifies the application client according to the verification mode corresponding to the attribute information of the application client.
A fifth aspect of the embodiments of the present invention provides a user terminal, including an authentication client, a verification apparatus, and an application client;
the authentication client is used for sending user identity information corresponding to the user terminal to the authentication server, receiving the authentication state of the user terminal sent by the authentication server, and sending the user identity information and the authentication state to the verification device; the authentication state indicates the result of the authentication server to the user identity information;
the verification device is used for receiving the user identity information and the authentication state of the user terminal sent by the authentication client, verifying the application client according to the attribute information included in the registration request after receiving the registration request sent by the application client, sending a registration success message to the application client after the verification is passed, and sending the user identity information and the authentication state to the application client after receiving the login message sent by the application client;
the application client is configured to send the registration request to the verification apparatus, send a login message to the verification apparatus after receiving a registration success message sent by the verification apparatus, and send a login success message including the user identity information to an application server to log in to the application server after receiving the user identity information and the authentication status sent by the verification apparatus.
In a first possible implementation manner of the fifth aspect, the authentication client is further configured to obtain a mapping relationship between a verification manner and attribute information from an authentication server, and send the mapping relationship between the verification manner and the attribute information to the verification device;
the checking device is further used for inquiring the mapping relation between the checking mode and the attribute information, acquiring the checking mode corresponding to the attribute information of the application client, and checking the application client according to the checking mode corresponding to the attribute information of the application client.
A sixth aspect of an embodiment of the present invention provides a login system, including any one of the user terminals and the authentication server provided in the fifth aspect;
the authentication server is used for authenticating the user terminal according to the received user identity information sent by the user terminal and sending an authentication state to the user terminal after the authentication is passed; and the authentication state shows the result of the authentication of the user identity information by the authentication server.
In a first possible implementation manner of the sixth aspect, the login system further includes an application server, configured to receive a login success message sent by the user terminal, acquire an account associated with the user identity information according to the user identity information included in the login success message, and allow an application client corresponding to the account to be online; and the application server stores the association relationship between the account of the application client and the user identity information.
With reference to the first possible implementation manner of the first aspect, in a second possible implementation manner of the first aspect, the authentication server is further configured to configure a mapping relationship between attribute information of an application client of the user terminal and a verification manner, and send the mapping relationship to the user terminal.
In the login processing method provided by this embodiment, a verification device is used to receive user identity information corresponding to a user terminal and an authentication state of the user terminal, which are sent by an authentication client, check the application client according to attribute information after receiving a registration request including the attribute information of the application client, which is sent by the application client, and send a registration success message to the application client after the check is passed so as to notify the application client to log in, and then send the user identity information and the authentication state to the application client after receiving a login message sent by the application client, so that the application client sends the login success message including the user identity information to an application server to log in the application server after confirming that the authentication is passed. In the embodiment, the authentication server only needs to authenticate the user identity information of the user terminal, sends the authentication result to the authentication client and then sends the authentication result to the verification device through the authentication client, when the application client of the user terminal logs in, the authentication is not needed in the authentication server, and the login can be realized only by verifying the attribute information of the application client through the verification device, so that the load of the authentication server is effectively reduced, and the authentication speed is accelerated.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
FIG. 1 is a diagram illustrating an application scenario of a single sign-on method in the prior art;
fig. 2 is a schematic view of an application scenario of a login processing method according to an embodiment of the present invention;
fig. 3 is a flowchart of a login processing method according to an embodiment of the present invention;
fig. 4 is a flowchart of a login processing method according to a second embodiment of the present invention;
fig. 5 is a flowchart of a login processing method according to a third embodiment of the present invention;
fig. 6 is a flowchart of a login processing method according to a fourth embodiment of the present invention;
fig. 7 is a schematic signaling interaction diagram of an example of a login processing method according to a fifth embodiment of the present invention;
fig. 8 is a schematic structural diagram of a login processing apparatus according to a sixth embodiment of the present invention;
fig. 9 is a schematic structural diagram of a login processing apparatus according to a seventh embodiment of the present invention;
fig. 10 is a structure of a verification apparatus according to an eighth embodiment of the present invention;
fig. 11 is a schematic structural diagram of a login processing apparatus according to a ninth embodiment of the present invention;
fig. 12 is a schematic structural diagram of an authentication client according to a tenth embodiment of the present invention;
fig. 13 is a schematic structural diagram of a user terminal according to an eleventh embodiment of the present invention;
fig. 14 is a schematic structural diagram of a login system according to a twelfth embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 2 is a schematic view of an application scenario of the login processing method according to the embodiment of the present invention. As shown in fig. 2, the application scenario includes an authentication server 10, a user terminal 15 and an application server 14, wherein the user terminal 15 includes an authentication client 11, a verification device 12 and an application client 13. It should be noted that, in this embodiment, the user terminal 15 may include a plurality of application clients, and is not limited to fig. 2.
Fig. 3 is a flowchart of a login processing method according to an embodiment of the present invention. The login processing method is applied to a verification device, the verification device, an authentication client and an application client are located in the same user terminal, and as shown in fig. 3, the method comprises the following steps:
step 101, a checking device receives user identity information corresponding to a user terminal and an authentication state of the user terminal, which are sent by an authentication client.
In this embodiment, the authentication status indicates a result of the authentication of the user identity information by the authentication server, that is, whether the user identity information corresponding to the user terminal passes the authentication. The authentication client sends user identity information corresponding to the user terminal to the authentication server, the authentication server authenticates the user identity information, sends the authentication state of the user terminal to the authentication client after the authentication is completed, and then the authentication client sends the authentication state of the user terminal and the user identity information passing the authentication to the verification device for storage.
Step 102, the verifying device receives a registration request sent by an application client.
The registration request comprises attribute information of the application client.
In this embodiment, the application client may specifically be a microblog client, a mail client, a panning client, a wechat client, or the like, and when the application client needs to perform single sign-on, a registration request is first sent to the verification apparatus, where the registration request includes attribute information of the application client.
And 103, the verifying device verifies the application client according to the attribute information and sends a registration success message to the application client after the verification is passed so as to inform the application client to log in.
In this embodiment, the verifying device may arbitrarily select a verifying method to verify the application client according to the attribute information of the application client, or may verify the application client according to a predefined verifying method. And after the verification is passed, the verification device sends a registration success message to the application client and informs the application client to start logging in. If the verification fails, a registration failure message is sent to the application client, or no message is sent to the application client, and the application client does not perform single sign-on.
And 104, after receiving the login message sent by the application client, the verification device sends an authentication state and user identity information to the application client, so that the application client sends a login success message including the user identity information to the application server to log in the application server after confirming that the authentication is passed.
In this embodiment, the login success message includes user identity information, and the user identity information is specifically an identifier, a code, and the like corresponding to the user terminal, for example, a mobile phone number. And after receiving the login success message, the application server acquires an account associated with the user identity information according to the user identity information in the login success message and allows the application client corresponding to the account to be online.
In the login processing method provided by this embodiment, a verification device is used to receive user identity information corresponding to a user terminal and an authentication state of the user terminal, which are sent by an authentication client, check the application client according to attribute information after receiving a registration request including the attribute information of the application client, which is sent by the application client, and send a registration success message to the application client after the check is passed so as to notify the application client to log in, and then send the user identity information and the authentication state to the application client after receiving a login message sent by the application client, so that the application client sends the login success message including the user identity information to an application server to log in the application server after confirming that the authentication is passed. In the embodiment, the authentication server only needs to authenticate the user identity information of the user terminal, sends the authentication result to the authentication client and then sends the authentication result to the verification device through the authentication client, when the application client of the user terminal logs in, the authentication is not needed in the authentication server, and the login can be realized only by verifying the attribute information of the application client through the verification device, so that the load of the authentication server is effectively reduced, and the authentication speed is accelerated.
Fig. 4 is a flowchart of a login processing method according to a second embodiment of the present invention. On the basis of the first embodiment, as shown in fig. 4, a specific implementation manner of the step "the verifying apparatus verifies the application client according to the attribute information" includes the following steps:
step 201, the checking device queries the mapping relationship between the checking mode and the checking attribute information, and obtains the checking mode corresponding to the attribute information of the application client.
The mapping relation is obtained from the authentication server through the authentication client.
In this embodiment, the mapping relationship between the verification mode and the verification attribute information is configured by the authentication server, and the authentication server may flexibly configure the corresponding verification mode according to the attribute information of the application client. And after the authentication client acquires the mapping relation between the verification modes and the verification attribute information of all the application clients of the user terminal from the authentication server, the verification modes and the verification attribute information of the application clients are sent to a verification device for storage.
Step 202, the verifying device verifies the application client according to the verifying mode corresponding to the attribute information of the application client.
Optionally, in this embodiment, the attribute information is a message digest algorithm fifth version (MD 5) value, a process name, or signature information of the process.
It should be noted that the implementation principle of other method steps in this embodiment is the same as the principle of the method steps in this embodiment, and details are not described here.
In this embodiment, the attribute information is specifically an MD5 value, a process name, or signature information performed, and the authentication server configures different verification methods for different attribute information, where the verification method for performing validity verification according to a process name is simplest, the verification method for performing validity verification according to signature information of a process is strictest, and the authentication server can flexibly configure different verification methods according to attribute information of an application client according to requirements of different application clients, thereby effectively ensuring security of a verification process.
In the login processing method provided by this embodiment, the verification device receives the registration request including the attribute information of the application client, queries the mapping relationship between the verification mode and the verification attribute information, obtains the verification mode corresponding to the attribute information of the application client, and verifies the application client according to the verification mode corresponding to the attribute information of the application client, so that the application client of the user terminal does not need to be authenticated in the authentication server when logging in, and the login can be realized only by verifying the attribute information of the application client by the verification device, thereby effectively reducing the workload of the authentication server, reducing the load of the authentication server, and accelerating the single-point login authentication speed. And the authentication server can flexibly configure different verification modes according to the requirements of different application clients and the attribute information of the application clients, thereby effectively ensuring the safety of the verification process.
Fig. 5 is a flowchart of a login processing method according to a third embodiment of the present invention. The login processing method is applied to an authentication client, the verification device and the application client are located in the same user terminal, as shown in fig. 5, the method comprises the following steps:
step 301, the authentication client sends user identity information corresponding to the user terminal to the authentication server, so that the authentication server authenticates the user identity information.
In this embodiment, the user identity information is specifically an identifier, a code, and the like corresponding to the user terminal, for example, a mobile phone number.
Step 302, the authentication client receives the authentication state of the user terminal sent by the authentication server.
In this embodiment, the authentication server authenticates the user identity information corresponding to the user terminal, and after the authentication is passed, the authentication server sends the authentication state to the authentication client.
Step 303, the authentication client sends the user identity information and the authentication status to the verification device, so that the verification device sends the user identity information and the authentication status to the application client after the application client passes the verification.
In this embodiment, the authentication client sends the authentication state of the user terminal and the authenticated user identity information to the verification device for storage, after the verification device verifies that the application client passes the verification and receives the login message sent by the application client, the verification device sends the user identity information of the user terminal and the authentication state to the application client, and after the application client confirms that the user terminal passes the authentication, the application client sends a login success message including the user identity information to the application server to log in the application server.
In the login processing method provided in this embodiment, the authentication client sends the user identity information corresponding to the user terminal to the authentication server, so that the authentication server authenticates the user identity information, receives the authentication state of the user terminal sent by the authentication server, and sends the user identity information and the authentication state to the verification device, so that the verification device sends the user identity information and the authentication state to the application client after the application client passes verification. In the embodiment, the authentication server only authenticates the user identity information corresponding to the user terminal, sends the user identity information and the authentication state to the authentication client, and forwards the user identity information and the authentication state to the verification device through the authentication client, so that each application client of the user terminal can log in only through verification of the verification device, the workload of the authentication server is effectively reduced, the load of the authentication server is reduced, and the single sign-on authentication speed is accelerated.
Fig. 6 is a flowchart of a login processing method according to a fourth embodiment of the present invention. As shown in fig. 6, the method comprises the steps of:
step 401, the authentication client sends user identity information corresponding to the user terminal to the authentication server, so that the authentication server authenticates the user identity information.
Step 402, the authentication client receives the authentication state of the user terminal sent by the authentication server.
In this embodiment, the implementation principle of step 401 and step 402 is the same as that of step 301 and step 302 in the third embodiment, and is not described herein again.
Step 403, the authentication client obtains the mapping relationship between the verification mode and the attribute information from the authentication server.
In this embodiment, the authentication client may send a mapping relationship request to the authentication server, so that the authentication server issues a pre-configured verification manner and a mapping relationship of the attribute information to the authentication client after receiving the mapping relationship request; or the authentication server actively issues the information to the authentication client after configuring the mapping relation between the checking mode and the attribute information.
Step 404, the authentication client sends the mapping relationship between the verification mode and the attribute information to the verification device, so that the verification device verifies the application client according to the verification mode corresponding to the attribute information of the application client.
In this embodiment, the authentication client sends the mapping relationship between the verification mode and the attribute information to the verification device for storage, and after the verification device receives the registration request sent by the application client, the corresponding verification mode is selected according to the attribute information of the application client in the registration request, and the application client is verified.
Optionally, in this embodiment, the attribute information is an MD5 value, a process name, or signature information of a process.
In this embodiment, the attribute information is specifically an MD5 value, a process name, or signature information performed, and the authentication server configures different verification methods for different attribute information, where the verification method for performing validity verification according to a process name is simplest, the verification method for performing validity verification according to signature information of a process is strictest, and the authentication server can flexibly configure different verification methods according to attribute information of an application client according to requirements of different application clients, thereby effectively ensuring security of a verification process.
Step 405, the authentication client sends the user identity information and the authentication state to the verification device, so that the verification device sends the user identity information and the authentication state to the application client after the application client passes the verification.
In this embodiment, the implementation principle of step 405 is the same as that of step 303 in the third embodiment, and is not described here again.
It should be noted that, in this embodiment, step 404 and step 405 may be executed simultaneously, or may be executed sequentially, and the order of the steps is not limited.
In the login processing method provided by this embodiment, the authentication client sends the user identity information corresponding to the user terminal to the authentication server, so that the authentication server authenticates the user identity information, receives the authentication state of the user terminal sent by the authentication server, obtains the mapping relationship between the verification manner and the attribute information from the authentication server, and sends the mapping relationship between the verification manner and the attribute information to the verification device, so that the verification device verifies the application client according to the verification manner corresponding to the attribute information of the application client, and sends the user identity information and the authentication state to the verification device, so that the verification device sends the user identity information and the authentication state to the application client after the application client passes the verification. In the embodiment, the authentication server only authenticates the user identity information corresponding to the user terminal, sends the authentication result to the authentication client, and forwards the authentication result to the verification device, so that each application client of the user terminal can log in only by being verified by the verification device, the workload of the authentication server is effectively reduced, the load of the authentication server is reduced, and the single sign-on authentication speed is accelerated. Moreover, the authentication server can flexibly configure different verification modes according to the requirements of different application clients and the attribute information of the application clients, thereby effectively ensuring the safety of the verification process.
Fig. 7 is a schematic signaling interaction diagram of an example of a login processing method according to a fifth embodiment of the present invention. Based on the above-mentioned architecture diagram shown in fig. 2, as shown in fig. 7, the method includes the following steps:
step 501, the authentication client first sends the identity information of the user corresponding to the user terminal to the authentication server.
Step 502, after receiving the user identity information, the authentication server authenticates the user identity information, and sends an authentication state to the authentication client after the authentication is passed.
Step 503, after receiving the authentication state, the authentication client obtains the mapping relationship between the verification mode and the attribute information of all the application clients of the user terminal from the authentication server.
Step 504, the authentication server sends the pre-configured mapping relationship between the verification method and the attribute information to the authentication client.
Step 505, the authentication client sends the user identity information and the authentication state of the user terminal to the verification apparatus.
Step 506, the verifying device receives and stores the user identity information and the authentication state of the user terminal.
And step 507, the authentication client sends the mapping relation between the verification mode and the attribute information to the verification device.
And step 508, the checking device receives and stores the mapping relation between the checking mode and the attribute information.
Step 509, when the application client performs single sign-on, a registration message including the attribute information of the application client is sent to the verification apparatus.
And step 510, the verifying device selects a verifying mode corresponding to the attribute information of the application client, and verifies the access validity of the application client.
Step 511, after the verification is passed, the verification device sends a registration success message to the application client, that is, the application client is allowed to perform single sign-on authentication, and if the registration success message is not returned, the registration fails.
And step 512, after receiving the registration success message, the application client sends a login message to the verification device.
Step 513, after receiving the login message, the verification apparatus sends the user identity information and the authentication status to the application client.
And 514, after receiving the authentication state, the application client sends a login success message to the application server to complete single sign-on.
According to the login processing method provided by the embodiment, the mapping relation between the verification mode and the attribute information configured by the authentication server, the user identity information and the authentication state of the user terminal are stored in the verification device, when the application client performs single-point login, the verification device directly acquires the corresponding verification mode according to the attribute information of the application client, and verifies the application client, so that the workload of the authentication server is effectively reduced, the load of the authentication server is reduced, and the single-point login authentication speed is increased.
Fig. 8 is a schematic structural diagram of a login processing device according to a sixth embodiment of the present invention. As shown in fig. 8, the apparatus includes a receiving module 21, a transmitting module 22, and a verifying module 23. The receiving module 21 is configured to receive user identity information corresponding to the user terminal and an authentication state of the user terminal, where the user identity information and the authentication state are sent by the authentication client, and the authentication state indicates a result of authenticating the user identity information by the authentication server; the receiving module 21 is configured to receive a registration request sent by an application client; wherein, the registration request comprises the attribute information of the application client; the checking module 23 is configured to check the application client according to the attribute information, and after the checking is passed, trigger the sending module 22 to send a registration success message to the application client, so that the application client logs in; the receiving module 21 is further configured to receive a login message sent by the application client; the sending module 22 is further configured to send the authentication status and the user identity information to the application client, so that the application client sends a login success message including the user identity information to the application server to log in to the application server after confirming that the authentication is passed.
The apparatus of this embodiment may be used to implement the technical solution of the method embodiment shown in fig. 3, and the implementation principle and the technical effect are similar, which are not described herein again.
Fig. 9 is a schematic structural diagram of a login processing apparatus according to a seventh embodiment of the present invention. On the basis of the sixth embodiment, as shown in fig. 9, the checking module 23 includes an inquiring unit 24 and a processing unit 25. The query unit 24 is configured to query a mapping relationship between the verification manner and the attribute information, and acquire a verification manner corresponding to the attribute information of the application client; the mapping relation is obtained from an authentication server through an authentication client; the processing unit 25 is configured to verify the application client according to a verification method corresponding to the attribute information of the application client.
The apparatus of this embodiment may be used to implement the technical solution of the method embodiment shown in fig. 4, and the implementation principle and the technical effect are similar, which are not described herein again.
Fig. 10 is a schematic structural diagram of a verification apparatus according to an eighth embodiment of the present invention. As shown in fig. 10, the verification device includes a receiver 31, a transmitter 32, and a processor 33. The receiver 31 is configured to receive an authentication status and user identity information of a user terminal sent by an authentication client; the receiver 31 is configured to receive a registration request sent by an application client; wherein, the registration request comprises the attribute information of the application client; the processor 33 is configured to verify the application client according to the attribute information, and after the verification is passed, trigger the transmitter 32 to send a registration success message to the application client, so that the application client logs in; the receiver 31 is further configured to receive a login message sent by the application client; the transmitter 32 is further configured to send the authentication status and the user identity information to the application client, so that the application client sends a login success message including the user identity information to the application server to log in to the application server after confirming that the authentication is passed.
Further, in this embodiment, the processor 33 is further configured to query a mapping relationship between the verification manner and the attribute information, obtain a verification manner corresponding to the attribute information of the application client, and verify the application client according to the verification manner corresponding to the attribute information of the application client.
Further, in this embodiment, the verification client may further include a memory (not shown in the figure) for storing a mapping relationship between the authentication status and the verification manner sent by the application client and the attribute information.
The verification client in this embodiment may be configured to execute the technical solution of the login processing method provided in fig. 3 or fig. 4 of the present invention, and the implementation principle and the technical effect are similar, which are not described herein again.
Fig. 11 is a schematic structural diagram of a login processing apparatus according to a ninth embodiment of the present invention. As shown in fig. 11, the apparatus includes a transmitting module 41, a receiving module 42, and an authenticating module 43. The authentication module 43 sends the user identity information corresponding to the user terminal to the authentication server through the sending module 41, so that the authentication server authenticates the user identity information; the authentication module 43 receives the authentication state of the user terminal sent by the authentication server through the receiving module 42; the authentication module 43 sends the user identity information and the authentication status to the verification apparatus through the sending module 41, so that the verification apparatus sends the user identity information and the authentication status to the application client after the application client passes the verification.
Further, in this embodiment, the authentication module 43 further obtains the mapping relationship between the verification mode and the attribute information from the authentication server through the receiving module 42; the authentication module 43 further sends the mapping relationship between the verification method and the attribute information to the verification apparatus through the sending module 41, so that the verification apparatus verifies the application client according to the verification method corresponding to the attribute information of the application client.
The apparatus of this embodiment may be used to implement the technical solutions of the method embodiments shown in fig. 5 or fig. 6, and the implementation principles and technical effects are similar, which are not described herein again.
Fig. 12 is a schematic structural diagram of an authentication client according to a tenth embodiment of the present invention. As shown in fig. 12, the authentication client includes a transmitter 44, a receiver 45, and a processor 46. The processor 46 sends the user identity information corresponding to the user terminal to the authentication server through the transmitter 44, so that the authentication server authenticates the user identity information; the processor 46 receives the authentication status of the user terminal transmitted by the authentication server through the receiver 45; the processor 46 sends the user identity information and the authentication status to the verification apparatus through the transmitter 44, so that the verification apparatus sends the user identity information and the authentication status to the application client after the verification of the application client is passed.
Further, in this embodiment, the processor 46 further obtains the mapping relationship between the verification mode and the attribute information from the authentication server through the receiver 45; the processor 46 further sends the mapping relationship between the verification mode and the attribute information to the verification apparatus through the transmitter 44, so that the verification apparatus verifies the application client according to the verification mode corresponding to the attribute information of the application client.
The apparatus of this embodiment may be used to implement the technical solutions of the method embodiments shown in fig. 5 or fig. 6, and the implementation principles and technical effects are similar, which are not described herein again.
Fig. 13 is a schematic structural diagram of a user terminal according to an eleventh embodiment of the present invention. As shown in fig. 12, the user terminal includes an authentication client 51, a verification device 52, and an application client 53. The authentication client 51 is configured to send user identity information corresponding to the user terminal to the authentication server, receive an authentication state of the user terminal sent by the authentication server, and send the user identity information and the authentication state of the user terminal to the verification device 52; the verification device 52 is configured to receive the user identity information and the authentication state of the user terminal sent by the authentication client 51, verify the application client 53 according to the attribute information included in the registration request after receiving the registration request sent by the application client 53, send a registration success message to the application client 53 after the verification is passed, and send the user identity information and the authentication state to the application client 53 after receiving the login message sent by the application client 53; wherein, the registration request includes the attribute information of the application client 53; the application client 53 is configured to send a registration request to the verification apparatus 52, send a login message to the verification apparatus 52 after receiving a registration success message sent by the verification apparatus 52, and send a login success message including user identity information to the application server to log in to the application server after receiving the user identity information and the authentication status sent by the verification apparatus 52.
Further, in this embodiment, the authentication client 51 is further configured to obtain a mapping relationship between the verification manner and the attribute information from the authentication server, and send the mapping relationship between the verification manner and the attribute information to the verification device 52; the verifying device 52 is further configured to query a mapping relationship between the verifying method and the attribute information, obtain a verifying method corresponding to the attribute information of the application client 53, and verify the application client 53 according to the verifying method corresponding to the attribute information of the application client 53.
The user terminal of this embodiment may be configured to execute the technical solution of the login processing method provided in any embodiment of the present invention, and the implementation principle and the technical effect are similar, which are not described herein again.
Fig. 14 is a schematic structural diagram of a login system according to a twelfth embodiment of the present invention. As shown in fig. 14, the login system includes a user terminal 61 and an authentication server 62 provided in the embodiment shown in fig. 13. The authentication server 62 is configured to authenticate the user terminal according to the received user identity information sent by the user terminal, and send an authentication status to the user terminal after the authentication is passed, where the authentication status indicates a result of the authentication performed by the authentication server on the user identity information.
Further, in this embodiment, the login system further includes an application server (not shown in the figure) configured to receive a login success message sent by the user terminal, acquire an account associated with the user identity information according to the user identity information included in the login success message, and allow an application client of the user terminal 61 corresponding to the account to be online; the application server stores the incidence relation between the account number of the application client and the user identity information; the authentication server 62 is further configured to configure a mapping relationship between the attribute information of the application client of the user terminal and the verification manner, and send the mapping relationship to the user terminal.
The login system of this embodiment may be used to implement the technical solution of the login processing method provided in any embodiment of the present invention, and the implementation principle and technical effect are similar, which are not described herein again.
Those of ordinary skill in the art will understand that: all or a portion of the steps of implementing the above-described method embodiments may be performed by hardware associated with program instructions. The program may be stored in a computer-readable storage medium. When executed, the program performs steps comprising the method embodiments described above; and the aforementioned storage medium includes: various media that can store program codes, such as ROM, RAM, magnetic or optical disks.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (15)

1. A login processing method is characterized in that the processing method is applied to a verification device, the verification device, an authentication client and an application client are positioned in the same user terminal, and the login processing method comprises the following steps:
the verification device receives user identity information corresponding to the user terminal and an authentication state of the user terminal, which are sent by the authentication client, wherein the authentication state indicates a result of authentication of the user identity information by the authentication server;
the verification device receives a registration request sent by the application client; wherein the registration request includes attribute information of the application client;
the verifying device verifies the application client according to the attribute information and sends a registration success message to the application client after the verification is passed so as to inform the application client to log in;
and after receiving the login message sent by the application client, the verification device sends the authentication state and the user identity information to the application client, so that the application client sends a login success message comprising the user identity information to an application server to log in the application server after confirming that the authentication is passed.
2. The method according to claim 1, wherein the verifying device verifies the application client according to the attribute information, specifically including:
the checking device inquires the mapping relation between the checking mode and the attribute information and acquires the checking mode corresponding to the attribute information of the application client; the mapping relation is obtained from an authentication server through an authentication client;
and the verifying device verifies the application client according to the verifying mode corresponding to the attribute information of the application client.
3. The method according to claim 1 or 2, wherein the attribute information is a message digest algorithm MD5 value, a process name or signature information of a process.
4. A login processing method is characterized in that the processing method is applied to an authentication client, the authentication client, a verification device and an application client are positioned in the same user terminal, and the login processing method comprises the following steps:
the authentication client sends user identity information corresponding to the user terminal to an authentication server so that the authentication server authenticates the user identity information;
the authentication client receives the authentication state of the user terminal sent by the authentication server; the authentication state indicates the result of the authentication server to the user identity information;
and the authentication client sends the user identity information and the authentication state to a verification device, so that the verification device sends the user identity information and the authentication state to the application client after the application client is verified by the verification device.
5. The method according to claim 4, wherein after the authentication client receives the authentication status of the user terminal sent by the authentication server, the method further comprises:
the authentication client acquires a mapping relation between a verification mode and attribute information from an authentication server;
and the authentication client sends the mapping relation between the checking mode and the attribute information to the checking device so that the checking device checks the application client according to the checking mode corresponding to the attribute information of the application client.
6. The method according to claim 4 or 5, wherein the attribute information is a message digest algorithm MD5 value, a process name or signature information of a process.
7. A log-in processing device, comprising:
the receiving module is used for receiving the user identity information corresponding to the user terminal and the authentication state of the user terminal, which are sent by the authentication client; the authentication state indicates the result of the authentication of the user identity information by the authentication server;
the receiving module is further used for receiving a registration request sent by the application client; wherein the registration request includes attribute information of the application client;
the verification module is used for verifying the application client according to the attribute information and triggering the sending module to send a registration success message to the application client after the verification is passed so as to log in the application client;
the receiving module is further configured to receive a login message sent by the application client;
the sending module is further configured to send the authentication status and the user identity information to the application client, so that the application client sends a login success message including the user identity information to an application server to log in the application server after confirming that the authentication is passed.
8. The apparatus of claim 7, wherein the verification module comprises a query unit and a processing unit;
the query unit is used for querying the mapping relation between the verification mode and the attribute information and acquiring the verification mode corresponding to the attribute information of the application client; the mapping relation is obtained from an authentication server through an authentication client;
and the processing unit is used for verifying the application client according to the verification mode corresponding to the attribute information of the application client.
9. A log-in processing device, comprising: the system comprises a sending module, a receiving module and an authentication module; wherein,
the authentication module sends user identity information corresponding to a user terminal to an authentication server through the sending module so that the authentication server authenticates the user identity information;
the authentication module receives the authentication state of the user terminal sent by the authentication server through the receiving module; wherein the authentication state indicates the result of the authentication server authenticating the user identity information
The authentication module further sends the user identity information and the authentication state to the verification device through the sending module, so that the verification device sends the user identity information and the authentication state to the application client after the verification of the application client is passed.
10. The apparatus according to claim 9, wherein the authentication module further obtains a mapping relationship between the verification method and the attribute information from the authentication server through the receiving module;
the authentication module further sends the mapping relation between the verification mode and the attribute information to a verification device through the sending module, so that the verification device verifies the application client according to the verification mode corresponding to the attribute information of the application client.
11. A user terminal is characterized by comprising an authentication client, a verification device and an application client;
the authentication client is used for sending user identity information corresponding to the user terminal to the authentication server, receiving the authentication state of the user terminal sent by the authentication server, and sending the user identity information and the authentication state to the verification device; the authentication state indicates the result of the authentication server to the user identity information;
the verification device is used for receiving the user identity information and the authentication state of the user terminal sent by the authentication client, verifying the application client according to the attribute information included in the registration request after receiving the registration request sent by the application client, sending a registration success message to the application client after the verification is passed, and sending the user identity information and the authentication state to the application client after receiving the login message sent by the application client;
the application client is configured to send the registration request to the verification apparatus, send a login message to the verification apparatus after receiving a registration success message sent by the verification apparatus, and send a login success message including the user identity information to an application server to log in to the application server after receiving the user identity information and the authentication status sent by the verification apparatus.
12. The user terminal of claim 11,
the authentication client is also used for acquiring the mapping relation between the verification mode and the attribute information from the authentication server and sending the mapping relation between the verification mode and the attribute information to the verification device;
the checking device is further used for inquiring the mapping relation between the checking mode and the attribute information, acquiring the checking mode corresponding to the attribute information of the application client, and checking the application client according to the checking mode corresponding to the attribute information of the application client.
13. A login system comprising a user terminal according to claim 11 or 12 and an authentication server;
the authentication server is used for authenticating the user terminal according to the received user identity information sent by the user terminal and sending an authentication state to the user terminal after the authentication is passed; and the authentication state shows the result of the authentication of the user identity information by the authentication server.
14. The login system of claim 13, wherein the login system further comprises an application server, configured to receive a login success message sent by the user terminal, obtain an account associated with the user identity information according to the user identity information included in the login success message, and allow an application client corresponding to the account to go online; and the application server stores the association relationship between the account of the application client and the user identity information.
15. The login system according to claim 13 or 15, wherein the authentication server is further configured to configure a mapping relationship between attribute information and a verification manner of an application client of the user terminal, and send the mapping relationship to the user terminal.
CN201410849669.8A 2014-12-31 2014-12-31 Processing method, device, user terminal and the login system of login Active CN105812138B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410849669.8A CN105812138B (en) 2014-12-31 2014-12-31 Processing method, device, user terminal and the login system of login

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410849669.8A CN105812138B (en) 2014-12-31 2014-12-31 Processing method, device, user terminal and the login system of login

Publications (2)

Publication Number Publication Date
CN105812138A true CN105812138A (en) 2016-07-27
CN105812138B CN105812138B (en) 2019-05-28

Family

ID=56421506

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410849669.8A Active CN105812138B (en) 2014-12-31 2014-12-31 Processing method, device, user terminal and the login system of login

Country Status (1)

Country Link
CN (1) CN105812138B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106209905A (en) * 2016-08-16 2016-12-07 杭州华三通信技术有限公司 A kind of network safety managing method and device
CN110572388A (en) * 2019-09-05 2019-12-13 北京宝兰德软件股份有限公司 method for connecting unified authentication server and unified authentication adapter
CN114827692A (en) * 2022-04-29 2022-07-29 深圳市瑞云科技有限公司 System for operating cloud desktop based on smart television

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103501344A (en) * 2013-10-10 2014-01-08 从兴技术有限公司 Method and system for realizing single sign-on of plurality of applications
US20140012690A1 (en) * 2012-07-05 2014-01-09 Paynearme, Inc. Systems and Methods for Facilitating Cash-Based Transactions
CN104065616A (en) * 2013-03-20 2014-09-24 中国移动通信集团公司 Single sign-on method and system

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140012690A1 (en) * 2012-07-05 2014-01-09 Paynearme, Inc. Systems and Methods for Facilitating Cash-Based Transactions
CN104065616A (en) * 2013-03-20 2014-09-24 中国移动通信集团公司 Single sign-on method and system
CN103501344A (en) * 2013-10-10 2014-01-08 从兴技术有限公司 Method and system for realizing single sign-on of plurality of applications

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106209905A (en) * 2016-08-16 2016-12-07 杭州华三通信技术有限公司 A kind of network safety managing method and device
CN106209905B (en) * 2016-08-16 2020-01-24 新华三技术有限公司 Network security management method and device
CN110572388A (en) * 2019-09-05 2019-12-13 北京宝兰德软件股份有限公司 method for connecting unified authentication server and unified authentication adapter
CN114827692A (en) * 2022-04-29 2022-07-29 深圳市瑞云科技有限公司 System for operating cloud desktop based on smart television

Also Published As

Publication number Publication date
CN105812138B (en) 2019-05-28

Similar Documents

Publication Publication Date Title
US9098678B2 (en) Streaming video authentication
CN104917727B (en) A kind of method, system and device of account's authentication
CN106657152B (en) Authentication method, server and access control device
CN103139200B (en) A kind of method of Web service single-sign-on
CN102624720B (en) Method, device and system for identity authentication
CN104125565A (en) Method for realizing terminal authentication based on OMA DM, terminal and server
TW201706900A (en) Method and device for authentication using dynamic passwords
CN106921663B (en) Identity continuous authentication system and method based on intelligent terminal software/intelligent terminal
CN107086979B (en) User terminal verification login method and device
CN106559783B (en) Authentication method, device and system for WIFI network
CN106096343A (en) Message access control method and equipment
CN107948204A (en) One-key login method and system, related equipment and computer readable storage medium
CN110365483B (en) Cloud platform authentication method, client, middleware and system
CN105227536A (en) A kind of Quick Response Code login method and equipment
CN110266642A (en) Identity identifying method and server, electronic equipment
US20160381001A1 (en) Method and apparatus for identity authentication between systems
CN110569638B (en) API authentication method and device, storage medium and computing equipment
CN104601590A (en) Login method, server and mobile terminal
CN106921640A (en) Identity identifying method, authentication device and Verification System
CN110958119A (en) Identity verification method and device
WO2015196817A1 (en) Account number login method, apparatus and system
CN105681258B (en) Session method and conversational device based on third-party server
CN104580553A (en) Identification method and device for network address translation device
CN114745431B (en) Non-invasive authority authentication method, system, medium and equipment based on side car technology
CN112491776A (en) Security authentication method and related equipment

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant