CN105812138B - Processing method, device, user terminal and the login system of login - Google Patents
Processing method, device, user terminal and the login system of login Download PDFInfo
- Publication number
- CN105812138B CN105812138B CN201410849669.8A CN201410849669A CN105812138B CN 105812138 B CN105812138 B CN 105812138B CN 201410849669 A CN201410849669 A CN 201410849669A CN 105812138 B CN105812138 B CN 105812138B
- Authority
- CN
- China
- Prior art keywords
- applications client
- client
- authentication
- sent
- subscriber identity
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Abstract
The embodiment of the present invention provides processing method, device, user terminal and the login system of a kind of login, this method comprises: calibration equipment receives the authentication state of the user terminal corresponding subscriber identity information and the user terminal that Authentication Client is sent;The calibration equipment receives the registration request that the applications client is sent;The calibration equipment verifies the applications client according to the attribute information, and after verification passes through, and Xiang Suoshu applications client sends the message that succeeds in registration, to notify that the applications client is logged in;The calibration equipment receives after the log messages that the applications client is sent, the authentication state and the subscriber identity information are sent to the applications client, so that the applications client is after confirmation certification passes through, the login success message including the subscriber identity information is sent to log on to the application server, to reduce the load of certificate server to application server.
Description
Technical field
The present embodiments relate to the communication technology more particularly to a kind of processing method of login, device, user terminal and step on
Recording system.
Background technique
Single-sign-on (Single Sign On, referred to as SSO) is in multiple application systems, for example, microblog system, postal
Part system, Taobao's system, wechat system etc., user only need to log in a system once, so that it may access all mutual
The application system of trust is one of the solution of business event integration popular at present.
Fig. 1 is the application scenarios schematic diagram of single-point logging method in the prior art.As shown in Figure 1, the scene includes certification
Server 1, application server 2, Authentication Client 3 and applications client 4, wherein Authentication Client 3 and applications client 4
In the same user terminal.The subscriber identity information of user terminal is sent to certificate server 1 by Authentication Client 3, certification
Server 1 compares subscriber identity information with user information database, carries out login authentication to user, after authenticating successfully, certification clothes
Business, 1 generates unified authentication marks (token), and token is sent to Authentication Client 3, and Authentication Client 3 sends out token
Applications client 4 is given, when applications client 4 logs in, token is sent to application server 2, application server 2 will
Token is sent to certificate server, and certificate server 1 is verified and identified to the token sent, will after verification passes through
Authentication result is sent to application server 2, and authentication result is sent to applications client 4 again by application server 2.
But since a user terminal is there are multiple applications clients, when each applications client logs in, require
Token is verified into certificate server, so that the load of certificate server is big, certification speed is slow.
Summary of the invention
The embodiment of the present invention provides processing method, device, user terminal and the login system of a kind of login, effectively reduces
The workload of certificate server accelerates the speed of single sign-on authentication to reduce the load of certificate server.
First aspect of the embodiment of the present invention provides a kind of processing method of login, and the processing method is applied to verification dress
It sets, the calibration equipment, Authentication Client and applications client are located at same user terminal, comprising:
The calibration equipment receive the corresponding subscriber identity information of the user terminal that the Authentication Client is sent and
The authentication state of the user terminal, the authentication state show what certificate server authenticated the subscriber identity information
As a result;
The calibration equipment receives the registration request that the applications client is sent;Wherein, include in the registration request
The attribute information of the applications client;
The calibration equipment verifies the applications client according to the attribute information, and after verification passes through,
The message that succeeds in registration is sent to the applications client, to notify that the applications client is logged in;
After the calibration equipment receives the log messages that the applications client is sent, Xiang Suoshu applications client is sent
The authentication state and the subscriber identity information so that the applications client confirmation certification pass through after, to application service
Device sends the login success message including the subscriber identity information to log on to the application server.
In the first possible implementation of first aspect, the calibration equipment is according to the attribute information, to described
Applications client is verified, and is specifically included:
The mapping relations of calibration equipment the inquiry verification mode and attribute information, obtain the category with the applications client
The property corresponding verification mode of information;Wherein, the mapping relations are the mapping obtained by Authentication Client from certificate server
Relationship;
The calibration equipment is answered according to the verification mode corresponding with the attribute information of the applications client described
It is verified with client.
The possible implementation of with reference to first aspect the first, in second of possible implementation of first aspect, institute
State the signing messages that attribute information is Message Digest 5 MD5 value, process name or process.
Second aspect of the embodiment of the present invention provides a kind of processing method of login, and the processing method is applied to certification client
End, the Authentication Client, calibration equipment and applications client are located at same user terminal, comprising:
The Authentication Client sends the corresponding subscriber identity information of the user terminal to certificate server, so that described
Certificate server authenticates the subscriber identity information;
The Authentication Client receives the authentication state for the user terminal that the certificate server is sent, wherein institute
It states authentication state and shows the result that certificate server authenticates the subscriber identity information;
The subscriber identity information and the authentication state are sent to calibration equipment by the Authentication Client, so that described
For calibration equipment after passing through to applications client verification, Xiang Suoshu applications client sends the subscriber identity information and institute
State authentication state.
In the first possible implementation of second aspect, the Authentication Client receives the certificate server and sends
The user terminal authentication state after, the method also includes:
The Authentication Client obtains the mapping relations of verification mode and attribute information to certificate server;
The mapping relations of the check system and attribute information are sent to the calibration equipment by the Authentication Client, with
Make the calibration equipment according to verification mode corresponding with the attribute information of applications client, school is carried out to the applications client
It tests.
In conjunction with the first possible implementation of second aspect, in second of possible implementation of second aspect, institute
State the signing messages that attribute information is Message Digest 5 MD5 value, process name or process.
The third aspect of the embodiment of the present invention provides a kind of processing unit of login, comprising:
Receiving module, for receiving the corresponding subscriber identity information of user terminal and the user that Authentication Client is sent
The authentication state of terminal;The authentication state shows the result that certificate server authenticates the subscriber identity information;
The receiving module is also used to receive the registration request of applications client transmission;Wherein, it is wrapped in the registration request
Include the attribute information of the applications client;
Correction verification module, for being verified to the applications client, and pass through in verification according to the attribute information
Afterwards, triggering sending module sends the message that succeeds in registration to the applications client, so that the applications client is logged in;
The receiving module is also used to receive the log messages that the applications client is sent;
The sending module is also used to send the authentication state and user identity letter to the applications client
Breath, so that it includes the subscriber identity information that the applications client after confirmation certification passes through, is sent to application server
Login success message is to log on to the application server.
In the first possible implementation of the third aspect, the correction verification module includes query unit and processing unit;
The query unit obtains and the application client for inquiring the mapping relations of verification mode and attribute information
The corresponding verification mode of the attribute information at end;Wherein, the mapping relations are to be obtained by Authentication Client from certificate server
Mapping relations;
The processing unit, for the verification mode corresponding with the attribute information of the applications client according to institute
Applications client is stated to be verified.
Fourth aspect of the embodiment of the present invention provides a kind of processing unit of login, comprising: sending module, receiving module and recognizes
Demonstrate,prove module;Wherein,
The authentication module sends the corresponding user identity letter of user terminal to certificate server by the sending module
Breath, so that the certificate server authenticates the subscriber identity information;
The authentication module receives recognizing for the user terminal that the certificate server is sent by the receiving module
Card state, wherein the authentication state shows the result that certificate server authenticates the subscriber identity information;
The subscriber identity information and the authentication state are also sent to by the sending module by the authentication module
The calibration equipment, so that the calibration equipment is after passing through applications client verification, Xiang Suoshu applications client is sent out
Send the subscriber identity information and the authentication state.
In the first possible implementation of fourth aspect, the authentication module is also by the receiving module to certification
The mapping relations of server acquisition check system and attribute information;
The authentication module is also sent the check system and the mapping relations of attribute information by the sending module
To calibration equipment, so that the calibration equipment is answered according to verification mode corresponding with the attribute information of applications client described
It is verified with client.
The 5th aspect of the embodiment of the present invention provides a kind of user terminal, including Authentication Client, calibration equipment and application visitor
Family end;
The Authentication Client for sending the corresponding subscriber identity information of user terminal to certificate server, and receives
The subscriber identity information and the authentication state are sent institute by the authentication state for the user terminal that certificate server is sent
It states to calibration equipment;Wherein, the authentication state shows the result that certificate server authenticates the subscriber identity information;
The calibration equipment, for receiving the subscriber identity information and user end that the Authentication Client is sent
The authentication state at end includes according in the registration request after receiving the registration request that the applications client is sent
Attribute information, the applications client is verified, and after verification passes through, Xiang Suoshu applications client transmission register
Function message, after receiving the log messages that the applications client is sent, Xiang Suoshu applications client sends user's body
Part information and the authentication state;
The applications client for sending the registration request to the calibration equipment, and is receiving the verification dress
After setting the message that succeeds in registration of transmission, Xiang Suoshu calibration equipment sends log messages, receives the institute that the calibration equipment is sent
After stating subscriber identity information and the authentication state, sending to application server includes logining successfully for the subscriber identity information
Message is to log on to the application server.
In the first possible implementation of the 5th aspect, the Authentication Client is also used to obtain to certificate server
The mapping relations of verification mode and attribute information, and the mapping relations of the check system and attribute information are sent to the school
Experiment device;
The calibration equipment is also used to inquire the mapping relations of verification mode and attribute information, obtains and the application client
The corresponding verification mode of the attribute information at end, and according to the verification mode corresponding with the attribute information of the applications client
The applications client is verified.
The 6th aspect of the embodiment of the present invention provides a kind of login system, any one user provided including the 5th aspect is whole
End and certificate server;
The certificate server, the subscriber identity information for being sent according to the user terminal received, to described
User terminal is authenticated, and after certification passes through, and authentication state is sent to the user terminal;Wherein, the certification
State shows the result that certificate server authenticates the subscriber identity information.
In the first possible implementation of the 6th aspect, the login system further includes application server, for connecing
Receive the login success message that the user terminal is sent, and according to the subscriber identity information for including in the login success message,
Acquisition and the associated account of the subscriber identity information, and allow the corresponding applications client of the account online;Wherein, described
The incidence relation between the account and subscriber identity information of the applications client is stored in application server.
The possible implementation of with reference to first aspect the first, in second of possible implementation of first aspect, institute
Certificate server is stated, is also used to configure the mapping between the attribute information and verification mode of the applications client of the user terminal
Relationship, and the mapping relations are sent to the user terminal.
The processing method of login provided in this embodiment receives the user terminal that Authentication Client is sent by calibration equipment
The authentication state of corresponding subscriber identity information and user terminal, when receive applications client transmission includes applications client
Attribute information registration request after, according to attribute information, applications client is verified, and after verification passes through, Xiang Ying
The message that succeeds in registration is sent with client, to notify applications client to be logged in, then receives stepping on for applications client transmission
After recording message, subscriber identity information and authentication state are sent to applications client, so that applications client is logical in confirmation certification
Later, the login success message including subscriber identity information is sent to log on to application server to application server.This implementation
In example, since certificate server only needs to authenticate the subscriber identity information of user terminal, and authentication result is sent to
Authentication Client, then calibration equipment is sent to by Authentication Client, when the applications client of user terminal logs in, do not need
It is authenticated in certificate server, it is only necessary to which calibration equipment carries out verifying can be realized stepping on to the attribute information of applications client
Record, is effectively reduced the load of certificate server, accelerates certification speed.
Detailed description of the invention
In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, to embodiment or will show below
There is attached drawing needed in technical description to be briefly described, it should be apparent that, the accompanying drawings in the following description is this hair
Bright some embodiments for those of ordinary skill in the art without any creative labor, can be with
It obtains other drawings based on these drawings.
Fig. 1 is the application scenarios schematic diagram of single-point logging method in the prior art;
Fig. 2 is the application scenarios schematic diagram of the processing method of login provided in an embodiment of the present invention;
Fig. 3 is the processing method flow chart for the login that the embodiment of the present invention one provides;
Fig. 4 is the processing method flow chart of login provided by Embodiment 2 of the present invention;
Fig. 5 is the processing method flow chart for the login that the embodiment of the present invention three provides;
Fig. 6 is the processing method flow chart for the login that the embodiment of the present invention four provides;
Fig. 7 is the Signalling exchange schematic diagram of one example of processing method for the login that the embodiment of the present invention five provides;
Fig. 8 is the structural schematic diagram of the processing unit for the login that the embodiment of the present invention six provides;
Fig. 9 is the structural schematic diagram of the processing unit for the login that the embodiment of the present invention seven provides;
Figure 10 is the structure for the calibration equipment that the embodiment of the present invention eight provides;
Figure 11 is the structural schematic diagram of the processing unit for the login that the embodiment of the present invention nine provides;
Figure 12 is the structural schematic diagram for the Authentication Client that the embodiment of the present invention ten provides;
Figure 13 is the structural schematic diagram for the user terminal that the embodiment of the present invention 11 provides;
Figure 14 is the structural schematic diagram for the login system that the embodiment of the present invention 12 provides.
Specific embodiment
In order to make the object, technical scheme and advantages of the embodiment of the invention clearer, below in conjunction with the embodiment of the present invention
In attached drawing, technical scheme in the embodiment of the invention is clearly and completely described, it is clear that described embodiment is
A part of the embodiment of the present invention, instead of all the embodiments.Based on the embodiments of the present invention, those of ordinary skill in the art
Every other embodiment obtained without creative efforts, shall fall within the protection scope of the present invention.
Fig. 2 is the application scenarios schematic diagram of the processing method of login provided in an embodiment of the present invention.As shown in Fig. 2, this is answered
It include certificate server 10, user terminal 15 and application server 14 with scene, wherein user terminal 15 includes Authentication Client
11, calibration equipment 12 and applications client 13.It should be noted that the user terminal 15 may include multiple in the present embodiment
Applications client is not limited with Fig. 2.
Fig. 3 is the processing method flow chart for the login that the embodiment of the present invention one provides.The processing method of the login is applied to
Calibration equipment, calibration equipment, Authentication Client and applications client are located at same user terminal, as shown in figure 3, this method includes
Following steps:
Step 101, calibration equipment receive the corresponding subscriber identity information of user terminal and user that Authentication Client is sent
The authentication state of terminal.
In the present embodiment, authentication state show certificate server to subscriber identity information authenticated as a result, i.e. should
Whether the corresponding subscriber identity information of user terminal passes through certification.Authentication Client sends user terminal to certificate server and corresponds to
Subscriber identity information, certificate server authenticates the subscriber identity information, and after authentication is complete, by user terminal
Authentication state be sent to Authentication Client, then by the authentication state of user terminal and pass through the user of certification by Authentication Client
Identity information is handed down to calibration equipment and is saved.
Step 102, calibration equipment receive the registration request that applications client is sent.
It wherein, include the attribute information of applications client in registration request.
In the present embodiment, applications client is specifically as follows microblogging client, Mail Clients, Taobao's client, micro-
Believe client etc., when applications client needs to carry out single-sign-on, first sends registration request, the registration request to calibration equipment
In include applications client attribute information.
Step 103, calibration equipment verify applications client according to attribute information, and after verification passes through, Xiang Ying
The message that succeeds in registration is sent with client, to notify applications client to be logged in.
In the present embodiment, calibration equipment can arbitrarily select a kind of verification side according to the attribute information of applications client
Formula verifies applications client, can also be verified according to prespecified verification mode to applications client.Verification
By rear, calibration equipment sends the message that succeeds in registration to applications client, and notice applications client starts to log in.If verification is lost
It loses, then sends registration failure message to applications client, alternatively, do not send any message to applications client, then application client
End not will do it single-sign-on.
After step 104, calibration equipment receive the log messages that applications client is sent, sends and authenticate to applications client
State and subscriber identity information, so that it includes user's body that applications client after confirmation certification passes through, is sent to application server
The login success message of part information is to log on to application server.
In the present embodiment, login success message includes subscriber identity information, and subscriber identity information is specially user terminal
Corresponding mark, coding etc., for example, phone number.The account of the applications client is saved in application server with the user's
Incidence relation between subscriber identity information, application server is after receiving the login success message, according to login success message
In subscriber identity information obtain account associated by the subscriber identity information, and allow in the corresponding applications client of the account
Line.
The processing method of login provided in this embodiment receives the user terminal that Authentication Client is sent by calibration equipment
The authentication state of corresponding subscriber identity information and user terminal, when receive applications client transmission includes applications client
Attribute information registration request after, according to attribute information, applications client is verified, and after verification passes through, Xiang Ying
The message that succeeds in registration is sent with client, to notify applications client to be logged in, then receives stepping on for applications client transmission
After recording message, subscriber identity information and authentication state are sent to applications client, so that applications client is logical in confirmation certification
Later, the login success message including subscriber identity information is sent to log on to application server to application server.This implementation
In example, since certificate server only needs to authenticate the subscriber identity information of user terminal, and authentication result is sent to
Authentication Client, then calibration equipment is sent to by Authentication Client, when the applications client of user terminal logs in, do not need
It is authenticated in certificate server, it is only necessary to which calibration equipment carries out verifying can be realized stepping on to the attribute information of applications client
Record, is effectively reduced the load of certificate server, accelerates certification speed.
Fig. 4 is the processing method flow chart of login provided by Embodiment 2 of the present invention.On the basis of the above embodiment 1,
As shown in figure 4, the specific implementation of step " calibration equipment verifies applications client according to attribute information " include with
Lower step:
Step 201, calibration equipment inquiry verification mode and the mapping relations for verifying attribute information, acquisition and applications client
The corresponding verification mode of attribute information.
Wherein, mapping relations are the mapping relations obtained by Authentication Client from certificate server.
In the present embodiment, verification mode and the mapping relations of verification attribute information are configured by certificate server, certification clothes
Business device can flexibly configure corresponding verification mode according to the attribute information of applications client.Authentication Client is from authentication service
It, will be using visitor after device obtains the verification mode of all applications clients of user terminal and the mapping relations of verification attribute information
The verification mode at family end is sent to calibration equipment with verification attribute information and is stored.
Step 202, calibration equipment are according to verification mode corresponding with the attribute information of applications client, to applications client
It is verified.
Optionally, in the present embodiment, attribute information is Message Digest Algorithm 5 (Message Digest
Algorithm 5, abbreviation MD5) value, process name or process signing messages.
It should be noted that the method and step principle in the present embodiment in the realization principle and embodiment of other methods step
Identical, details are not described herein again.
In the present embodiment, attribute information is specially the signing messages of MD5 value, process name or progress, certificate server
Different verification modes is configured for different attribute informations, wherein the verification mode of legitimacy verifies is carried out most according to process name
Simply, the verification mode for carrying out legitimacy verifies according to the signing messages of process is most stringent, and certificate server can be according to different
The requirement of applications client flexibly configures different verification modes according to the attribute information of applications client, school is effectively ensured
Test the safety of process.
The processing method of login provided in this embodiment, calibration equipment receive the note of the attribute information comprising applications client
Volume request, inquiry verification mode and the mapping relations for verifying attribute information obtain corresponding with the attribute information of applications client
Verification mode, and according to verification mode corresponding with the attribute information of applications client, applications client is verified, so that
The applications client of user terminal does not need to be authenticated into certificate server when logging in, only by calibration equipment to application client
The attribute information at end, which carries out verification, can be realized login, the workload of certificate server be effectively reduced, to reduce certification
The load of server accelerates the speed of single sign-on authentication.Also, certificate server can be according to different applications clients
It is required that flexibly configuring different verification modes according to the attribute information of applications client, the safety of checking procedure is effectively ensured
Property.
Fig. 5 is the processing method flow chart for the login that the embodiment of the present invention three provides.The processing method of the login is applied to
Authentication Client, Authentication Client, calibration equipment and applications client are located at same user terminal, as shown in figure 5, this method packet
Include following steps:
Step 301, Authentication Client send the corresponding subscriber identity information of user terminal to certificate server, so that certification
Server authenticates subscriber identity information.
In the present embodiment, subscriber identity information is specially the corresponding mark of user terminal, coding etc., for example, cell-phone number
Code.
Step 302, Authentication Client receive the authentication state for the user terminal that certificate server is sent.
In the present embodiment, certificate server authenticates the corresponding subscriber identity information of user terminal, and certification passes through
Afterwards, authentication state is sent to Authentication Client by certificate server.
Subscriber identity information and authentication state are sent to calibration equipment by step 303, Authentication Client, so that calibration equipment
After passing through to applications client verification, subscriber identity information and authentication state are sent to applications client.
In the present embodiment, Authentication Client is sent out by the authentication state of user terminal and by the subscriber identity information of certification
It gives calibration equipment to be saved, after calibration equipment, which carries out verification to applications client, to be passed through, and receives applications client hair
After the log messages sent, calibration equipment answers the subscriber identity information of the user terminal and the authentication state applications client
After passing through certification with client confirmation user terminal, sending to application server includes that logining successfully for subscriber identity information disappears
Breath, to log on to application server.
It is corresponding to send user terminal from Authentication Client to certificate server for the processing method of login provided in this embodiment
Subscriber identity information receive the user that certificate server is sent so that certificate server authenticates subscriber identity information
The authentication state of terminal, and subscriber identity information and authentication state are sent to calibration equipment, so that calibration equipment is to application
After client verification passes through, subscriber identity information and authentication state are sent to applications client.In the present embodiment, since certification takes
Business device only authenticates the corresponding subscriber identity information of user terminal, and subscriber identity information and authentication state are sent to and recognized
Client is demonstrate,proved, then calibration equipment is transmitted to by Authentication Client, each applications client of user terminal is only needed by calibration equipment
Carrying out verification can be realized login, effectively reduce the workload of certificate server, so that the load of certificate server is reduced,
Accelerate the speed of single sign-on authentication.
Fig. 6 is the processing method flow chart for the login that the embodiment of the present invention four provides.As shown in fig. 6, this method include with
Lower step:
Step 401, Authentication Client send the corresponding subscriber identity information of user terminal to certificate server, so that certification
Server authenticates subscriber identity information.
Step 402, Authentication Client receive the authentication state for the user terminal that certificate server is sent.
In the present embodiment, step 401 and step 402 respectively with the step 301 and step 302 in above-described embodiment three
Realization principle is identical, and details are not described herein again.
Step 403, Authentication Client obtain the mapping relations of verification mode and attribute information to certificate server.
In the present embodiment, Authentication Client can send mapping relations request to certificate server, so that authentication service
Device issues reflecting for preconfigured check system and attribute information after receiving mapping relations request, to Authentication Client
Penetrate relationship;Alternatively, certificate server is actively handed down to certification after having configured the mapping relations of check system and attribute information
Client.
The mapping relations of check system and attribute information are sent to calibration equipment by step 404, Authentication Client, so that school
Experiment device verifies applications client according to verification mode corresponding with the attribute information of applications client.
In the present embodiment, Authentication Client by the mapping relations of check system and attribute information be sent to calibration equipment into
Row saves, after the calibration equipment receives the registration request of applications client transmission, according to the application visitor in registration request
The attribute information at family end selects corresponding verification mode, verifies to applications client.
Optionally, in the present embodiment, attribute information is the signing messages of MD5 value, process name or process.
In the present embodiment, attribute information is specially the signing messages of MD5 value, process name or progress, certificate server
Different verification modes is configured for different attribute informations, wherein the verification mode of legitimacy verifies is carried out most according to process name
Simply, the verification mode for carrying out legitimacy verifies according to the signing messages of process is most stringent, and certificate server can be according to different
The requirement of applications client flexibly configures different verification modes according to the attribute information of applications client, school is effectively ensured
Test the safety of process.
Subscriber identity information and authentication state are sent to calibration equipment by step 405, Authentication Client, so that calibration equipment
After passing through to applications client verification, subscriber identity information and authentication state are sent to applications client.
In the present embodiment, step 405 is identical with the realization principle of the step 303 in above-described embodiment three, herein no longer
It repeats.
It should be noted that in the present embodiment, step 404 and step 405 can be performed simultaneously, can also successively execute, and
And do not limit sequencing.
The processing method of login provided in this embodiment, Authentication Client are corresponding to certificate server transmission user terminal
It is whole to receive the user that certificate server is sent so that certificate server authenticates subscriber identity information for subscriber identity information
The authentication state at end, and to the mapping relations of certificate server acquisition verification mode and attribute information, by check system and attribute
The mapping relations of information are sent to calibration equipment, so that calibration equipment is according to verification corresponding with the attribute information of applications client
Mode verifies applications client, and subscriber identity information and authentication state are sent to calibration equipment, so that verification fills
It sets after passing through to applications client verification, sends subscriber identity information and authentication state to applications client.In the present embodiment,
Certification visitor is sent to since certificate server only authenticates the corresponding subscriber identity information of user terminal, and by authentication result
Family end, then calibration equipment is transmitted to by Authentication Client, each applications client of user terminal only needs to be carried out by calibration equipment
Login can be realized in verification, effectively reduces and the workload of certificate server, thus reduce the load of certificate server,
Accelerate the speed of single sign-on authentication.Moreover, certificate server can be according to the requirement of different applications clients, according to application
The attribute information of client flexibly configures different verification modes, and the safety of checking procedure is effectively ensured.
Fig. 7 is the Signalling exchange schematic diagram of one example of processing method for the login that the embodiment of the present invention five provides.Based on upper
Configuration diagram shown in Fig. 2 is stated, as shown in fig. 7, method includes the following steps:
Step 501, Authentication Client send the identity information of the corresponding user of user terminal to certificate server first.
After step 502, certificate server receive subscriber identity information, subscriber identity information is authenticated, certification is logical
Later authentication state is sent to Authentication Client.
After step 503, Authentication Client receive authentication state, all of user terminal are obtained to certificate server and are answered
With the verification mode of client and the mapping relations of attribute information.
The mapping relations of preconfigured verification mode and attribute information are sent to certification by step 504, certificate server
Client.
The authentication state of subscriber identity information and user terminal is sent to calibration equipment by step 505, Authentication Client.
Step 506, calibration equipment receive and save the authentication state of subscriber identity information and user terminal.
The mapping relations of verification mode and attribute information are sent to calibration equipment by step 507, Authentication Client.
Step 508, calibration equipment receive and save the mapping relations of verification mode and attribute information.
Step 509, when applications client carry out single-sign-on when, to calibration equipment send include applications client attribute
The registration message of information.
Step 510, calibration equipment select verification mode corresponding with the attribute information of applications client, to applications client
Access legitimacy verified.
After step 511, verification pass through, calibration equipment sends the message that succeeds in registration to applications client, that is, allows using visitor
Family end carry out single sign-on authentication, if do not return succeed in registration message if registration failure.
Step 512, applications client receive succeed in registration message after, to calibration equipment send log messages.
After step 513, calibration equipment receive log messages, subscriber identity information and certification shape are sent to applications client
State.
After receiving authentication state, transmission login success message is complete to application server for step 514, applications client
At single-sign-on.
The processing method of login provided in this embodiment reflects the check system of certificate server configuration and attribute information
The authentication state for penetrating relationship, subscriber identity information and user terminal is stored into calibration equipment, when applications client carries out single-point
When login, directly by calibration equipment according to verification mode corresponding with the acquisition of the attribute information of applications client, to application client
End is verified, and is effectively reduced the workload of certificate server, to reduce the load of certificate server, is accelerated single-point
The speed of login authentication.
Fig. 8 is the structural schematic diagram of the processing unit for the login that the embodiment of the present invention six provides.As shown in figure 8, the device
Including receiving module 21, sending module 22 and correction verification module 23.Wherein, receiving module 21 is used to receive Authentication Client transmission
The authentication state of user terminal corresponding subscriber identity information and user terminal, authentication state show certificate server to user's body
The result that part information is authenticated;Receiving module 21 is used to receive the registration request of applications client transmission;Wherein, registration request
In include applications client attribute information;Correction verification module 23 is used to verify applications client according to attribute information, and
After verification passes through, triggering sending module 22 sends the message that succeeds in registration to applications client, so that applications client is stepped on
Record;Receiving module 21 is also used to receive the log messages of applications client transmission;Sending module 22 is also used to applications client
Authentication state and subscriber identity information are sent, so that applications client sends to application server and wraps after confirmation certification passes through
The login success message of subscriber identity information is included to log on to application server.
The device of the present embodiment can be used for executing the technical solution of embodiment of the method shown in Fig. 3, realization principle and skill
Art effect is similar, and details are not described herein again.
Fig. 9 is the structural schematic diagram of the processing unit for the login that the embodiment of the present invention seven provides.In above-described embodiment six
On the basis of, as shown in figure 9, correction verification module 23 includes query unit 24 and processing unit 25.Wherein, query unit 24 is for inquiring
The mapping relations of verification mode and attribute information obtain verification mode corresponding with the attribute information of applications client;Wherein, it reflects
Penetrating relationship is the mapping relations obtained by Authentication Client from certificate server;Processing unit 25 is used for basis and application client
The corresponding verification mode of the attribute information at end verifies applications client.
The device of the present embodiment can be used for executing the technical solution of embodiment of the method shown in Fig. 4, realization principle and skill
Art effect is similar, and details are not described herein again.
Figure 10 is the structural schematic diagram for the calibration equipment that the embodiment of the present invention eight provides.As shown in Figure 10, the calibration equipment
Including receiver 31, transmitter 32 and processor 33.Receiver 31 is used to receive recognizing for the user terminal of Authentication Client transmission
Card state and subscriber identity information;Receiver 31 is used to receive the registration request of applications client transmission;Wherein, in registration request
Attribute information including applications client;Processor 33 is used to verify applications client, and according to attribute information in school
It tests by rear, triggering transmitter 32 sends the message that succeeds in registration to applications client, so that applications client is logged in;It receives
Device 31 is also used to receive the log messages of applications client transmission;Transmitter 32 is also used to send authentication state to applications client
And subscriber identity information, so that it includes that user identity is believed that applications client after confirmation certification passes through, is sent to application server
Login success message is ceased to log on to application server.
Further, in the present embodiment, processor 33 is also used to inquire the mapping relations of verification mode and attribute information,
Verification mode corresponding with the attribute information of applications client is obtained, and according to school corresponding with the attribute information of applications client
Proved recipe formula verifies applications client.
Closer, in the present embodiment, verification client may also include memory (not shown), for storing
The mapping relations of applications client transmission authentication state and verification mode and attribute information.
The verification client of the present embodiment can be used for executing the processing method logged in provided by Fig. 3 or Fig. 4 of the present invention
Technical solution, it is similar that the realization principle and technical effect are similar, and details are not described herein again.
Figure 11 is the structural schematic diagram of the processing unit for the login that the embodiment of the present invention nine provides.As shown in figure 11, the dress
It sets including 41 receiving module 42 of sending module and authentication module 43.Authentication module 43 is sent out by sending module 41 to certificate server
Send user terminal corresponding subscriber identity information, so that certificate server authenticates subscriber identity information;Authentication module 43
The authentication state for the user terminal that certificate server is sent is received by receiving module 42;Authentication module 43 passes through sending module 41
Subscriber identity information and authentication state are sent to calibration equipment so that calibration equipment to applications client verification pass through after,
Subscriber identity information and authentication state are sent to applications client.
Further, in the present embodiment, authentication module 43 is also obtained to certificate server by receiving module 42 and is examined
The mapping relations of mode and attribute information;Authentication module 43 also passes through sending module 41 for the mapping of check system and attribute information
Relationship is sent to calibration equipment, so that calibration equipment is according to verification mode corresponding with the attribute information of applications client, it is corresponding
It is verified with client.
The device of the present embodiment can be used for executing the technical solution of embodiment of the method shown in Fig. 5 or Fig. 6, realize former
Reason is similar with technical effect, and details are not described herein again.
Figure 12 is the structural schematic diagram for the Authentication Client that the embodiment of the present invention ten provides.As shown in figure 12, client is authenticated
End includes transmitter 44, receiver 45 and processor 46.Processor 46 sends user's end to certificate server by transmitter 44
Corresponding subscriber identity information is held, so that certificate server authenticates subscriber identity information;Processor 46 passes through receiver
45 receive the authentication state for the user terminal that certificate server is sent;Processor 46 by transmitter 44 by subscriber identity information and
Authentication state is sent to calibration equipment, so that calibration equipment is sent after passing through to applications client verification to applications client
Subscriber identity information and authentication state.
Further, in the present embodiment, processor 46 also obtains check system to certificate server by receiver 45
With the mapping relations of attribute information;Processor 46 is also sent check system and the mapping relations of attribute information by transmitter 44
To calibration equipment, so that calibration equipment is according to verification mode corresponding with the attribute information of applications client, to applications client
It is verified.
The device of the present embodiment can be used for executing the technical solution of embodiment of the method shown in Fig. 5 or Fig. 6, realize former
Reason is similar with technical effect, and details are not described herein again.
Figure 13 is the structural schematic diagram for the user terminal that the embodiment of the present invention 11 provides.As shown in figure 12, user terminal
Including Authentication Client 51, calibration equipment 52 and applications client 53.Authentication Client 51 is used to send to certificate server and use
The corresponding subscriber identity information of family terminal, and the authentication state of the user terminal of certificate server transmission is received, by user identity
Information and the authentication state of user terminal are sent to calibration equipment 52;Calibration equipment 52 is used to receive what Authentication Client hair 51 was sent
The authentication state of subscriber identity information and user terminal, after the registration request for receiving the transmission of applications client 53, according to
The attribute information for including in registration request verifies applications client 53, and after verification passes through, to applications client 53
Transmission is succeeded in registration message, after receiving the log messages that applications client 53 is sent, sends user to applications client 53
Identity information and authentication state;It wherein, include the attribute information of applications client 53 in registration request;Applications client 53 is used for
Registration request is sent to calibration equipment 52, and after receiving the message that succeeds in registration that calibration equipment 52 is sent, to calibration equipment
52 send log messages, after receiving the subscriber identity information and authentication state that calibration equipment 52 is sent, send to application server
Including subscriber identity information login success message to log on to the application server.
Further, in the present embodiment, Authentication Client 51 is also used to obtain verification mode and category to certificate server
The mapping relations of property information, and the mapping relations of check system and attribute information are sent to calibration equipment 52;Calibration equipment 52
It is also used to inquire the mapping relations of verification mode and attribute information, obtains verification corresponding with the attribute information of applications client 53
Mode, and applications client 53 is verified according to verification mode corresponding with the attribute information of applications client 53.
The user terminal of the present embodiment can be used for executing the processing method of login provided by any embodiment of the invention
Technical solution, it is similar that the realization principle and technical effect are similar, and details are not described herein again.
Figure 14 is the structural schematic diagram for the login system that the embodiment of the present invention 12 provides.As shown in figure 14, the login system
System includes the user terminal 61 and certificate server 62 that embodiment illustrated in fig. 13 provides.Wherein, certificate server 62 is used for basis
The subscriber identity information that the user terminal received is sent, authenticates user terminal, and after certification passes through, will authenticate
State is sent to user terminal, and authentication state shows the result that certificate server authenticates subscriber identity information.
Further, in the present embodiment, login system further includes that application server (not shown) is used for receiving
The login success message that family terminal is sent, and according to the subscriber identity information for including in login success message, it obtains and user's body
The account of part information association, and allow the applications client of the corresponding user terminal 61 of account online;Wherein, in application server
Store the incidence relation between the account and subscriber identity information of applications client;Certificate server 62 is also used to configure user's end
Mapping relations between the attribute information and verification mode of the applications client at end, and mapping relations are sent to user terminal.
The login system of the present embodiment can be used for executing the processing method of login provided by any embodiment of the invention
Technical solution, it is similar that the realization principle and technical effect are similar, and details are not described herein again.
Those of ordinary skill in the art will appreciate that: realize that all or part of the steps of above-mentioned each method embodiment can lead to
The relevant hardware of program instruction is crossed to complete.Program above-mentioned can be stored in a computer readable storage medium.The journey
When being executed, execution includes the steps that above-mentioned each method embodiment to sequence;And storage medium above-mentioned include: ROM, RAM, magnetic disk or
The various media that can store program code such as person's CD.
Finally, it should be noted that the above embodiments are only used to illustrate the technical solution of the present invention., rather than its limitations;To the greatest extent
Pipe present invention has been described in detail with reference to the aforementioned embodiments, those skilled in the art should understand that: its according to
So be possible to modify the technical solutions described in the foregoing embodiments, or to some or all of the technical features into
Row equivalent replacement;And these are modified or replaceed, various embodiments of the present invention technology that it does not separate the essence of the corresponding technical solution
The range of scheme.
Claims (13)
1. a kind of processing method of login, which is characterized in that the processing method be applied to calibration equipment, the calibration equipment,
Authentication Client and applications client are located at same user terminal, comprising:
The calibration equipment receives the corresponding subscriber identity information of the user terminal that the Authentication Client is sent and described
The authentication state of user terminal, the authentication state show the knot that certificate server authenticates the subscriber identity information
Fruit;
The calibration equipment receives the registration request that the applications client is sent;It wherein, include described in the registration request
The attribute information of applications client;
The calibration equipment verifies the applications client according to the attribute information, and after verification passes through, to institute
It states applications client and sends the message that succeeds in registration, to notify that the applications client is logged in;
After the calibration equipment receives the log messages that the applications client is sent, described in the transmission of Xiang Suoshu applications client
Authentication state and the subscriber identity information, so that the applications client is sent out after confirmation certification passes through to application server
The login success message including the subscriber identity information is sent to log on to the application server.
2. the method according to claim 1, wherein the calibration equipment is according to the attribute information, to described
Applications client is verified, and is specifically included:
The mapping relations of calibration equipment the inquiry verification mode and attribute information, obtain and believe with the attribute of the applications client
Cease corresponding verification mode;Wherein, the mapping relations are the mapping relations obtained by Authentication Client from certificate server;
The calibration equipment is according to the verification mode corresponding with the attribute information of the applications client to the application visitor
Family end is verified.
3. method according to claim 1 or claim 2, which is characterized in that the attribute information be Message Digest 5 MD5 value, into
The signing messages of journey name or process.
4. a kind of processing method of login, which is characterized in that the processing method is applied to Authentication Client, the certification client
End, calibration equipment and applications client are located at same user terminal, comprising:
The Authentication Client sends the corresponding subscriber identity information of the user terminal to certificate server, so that the certification
Server authenticates the subscriber identity information;
The Authentication Client receives the authentication state for the user terminal that the certificate server is sent;Wherein, described to recognize
Card state shows the result that certificate server authenticates the subscriber identity information;
The subscriber identity information and the authentication state are sent to calibration equipment by the Authentication Client, so that the verification
After passing through to applications client verification, Xiang Suoshu applications client sends the subscriber identity information and described recognizes device
Card state;
After the Authentication Client receives the authentication state for the user terminal that the certificate server is sent, the method
Further include:
The Authentication Client obtains the mapping relations of verification mode and attribute information to certificate server;
The mapping relations of the verification mode and attribute information are sent to the calibration equipment by the Authentication Client, so that institute
The mapping relations that calibration equipment inquires the verification mode and attribute information are stated, the attribute information with the applications client is obtained
Corresponding verification mode, and according to verification mode corresponding with the attribute information of the applications client, to the application client
End is verified.
5. according to the method described in claim 4, it is characterized in that, the attribute information is Message Digest 5 MD5 value, process
The signing messages of name or process.
6. a kind of processing unit of login characterized by comprising
Receiving module, for receiving the corresponding subscriber identity information of user terminal of Authentication Client transmission and recognizing for user terminal
Card state;The authentication state shows the result that certificate server authenticates the subscriber identity information;
The receiving module is also used to receive the registration request of applications client transmission;It wherein, include institute in the registration request
State the attribute information of applications client;
Correction verification module is touched for verifying to the applications client, and after verification passes through according to the attribute information
Hair sending module sends the message that succeeds in registration to the applications client, so that the applications client is logged in;
The receiving module is also used to receive the log messages that the applications client is sent;
The sending module is also used to send the authentication state and the subscriber identity information to the applications client, with
Make the applications client confirmation certification pass through after, to application server send include the subscriber identity information login at
Function message is to log on to the application server.
7. device according to claim 6, which is characterized in that the correction verification module includes query unit and processing unit;
The query unit obtains and the applications client for inquiring the mapping relations of verification mode and attribute information
The corresponding verification mode of attribute information;Wherein, the mapping relations are to be reflected by Authentication Client from what certificate server obtained
Penetrate relationship;
The processing unit, for being answered according to the verification mode corresponding with the attribute information of the applications client described
It is verified with client.
8. a kind of processing unit of login characterized by comprising sending module, receiving module and authentication module;Wherein,
The authentication module sends the corresponding subscriber identity information of user terminal to certificate server by the sending module, with
Authenticate the certificate server to the subscriber identity information;
The authentication module receives the certification shape for the user terminal that the certificate server is sent by the receiving module
State;Wherein, the authentication state shows the result that certificate server authenticates the subscriber identity information;
The subscriber identity information and the authentication state are also sent to verification by the sending module by the authentication module
Device, so that the calibration equipment is after passing through applications client verification, Xiang Suoshu applications client sends user's body
Part information and the authentication state;
The authentication module is also closed by the receiving module to the mapping that certificate server obtains verification mode and attribute information
System;
The mapping relations of the verification mode and attribute information are also sent to school by the sending module by the authentication module
Experiment device obtains and the application visitor so that the calibration equipment inquires the mapping relations of the verification mode and attribute information
The corresponding verification mode of the attribute information at family end, and according to verification mode corresponding with the attribute information of the applications client,
The applications client is verified.
9. a kind of user terminal, which is characterized in that including Authentication Client, calibration equipment and applications client;
The Authentication Client for sending the corresponding subscriber identity information of user terminal to certificate server, and receives certification
The subscriber identity information and the authentication state are sent to described by the authentication state for the user terminal that server is sent
Calibration equipment;Wherein, the authentication state shows the result that certificate server authenticates the subscriber identity information;
The calibration equipment, for receiving the subscriber identity information that the Authentication Client is sent and the user terminal
Authentication state, after receiving the registration request that the applications client is sent, according to the category for including in the registration request
Property information, the applications client is verified, and after verification passes through, the transmission of Xiang Suoshu applications client succeeds in registration and disappears
Breath, after receiving the log messages that the applications client is sent, Xiang Suoshu applications client sends the user identity letter
Breath and the authentication state;
The applications client for sending the registration request to the calibration equipment, and is receiving the calibration equipment hair
After the message that succeeds in registration sent, Xiang Suoshu calibration equipment sends log messages, receives the use that the calibration equipment is sent
After family identity information and the authentication state, the login success message including the subscriber identity information is sent to application server
To log on to the application server.
10. user terminal according to claim 9, which is characterized in that
The Authentication Client is also used to obtain the mapping relations of verification mode and attribute information to certificate server, and will be described
Verification mode and the mapping relations of attribute information are sent to the calibration equipment;
The calibration equipment is also used to inquire the mapping relations of verification mode and attribute information, obtains and the applications client
The corresponding verification mode of attribute information, and according to the verification mode corresponding with the attribute information of the applications client to institute
Applications client is stated to be verified.
11. a kind of login system, which is characterized in that including the user terminal and certificate server as described in claim 9 or 10;
The certificate server, the subscriber identity information for being sent according to the user terminal received, to the user
Terminal is authenticated, and after certification passes through, and authentication state is sent to the user terminal;Wherein, the authentication state
Show the result that certificate server authenticates the subscriber identity information.
12. login system according to claim 11, which is characterized in that the login system further includes application server,
The login success message sent for receiving the user terminal, and according to the user identity for including in the login success message
Information, acquisition and the associated account of the subscriber identity information, and allow the corresponding applications client of the account online;Its
In, the incidence relation between the account and subscriber identity information of the applications client is stored in the application server.
13. login system according to claim 11 or 12, which is characterized in that the certificate server is also used to configure
Mapping relations between the attribute information and verification mode of the applications client of the user terminal, and the mapping relations are sent out
Give the user terminal.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410849669.8A CN105812138B (en) | 2014-12-31 | 2014-12-31 | Processing method, device, user terminal and the login system of login |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410849669.8A CN105812138B (en) | 2014-12-31 | 2014-12-31 | Processing method, device, user terminal and the login system of login |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105812138A CN105812138A (en) | 2016-07-27 |
CN105812138B true CN105812138B (en) | 2019-05-28 |
Family
ID=56421506
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410849669.8A Active CN105812138B (en) | 2014-12-31 | 2014-12-31 | Processing method, device, user terminal and the login system of login |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105812138B (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106209905B (en) * | 2016-08-16 | 2020-01-24 | 新华三技术有限公司 | Network security management method and device |
CN110572388B (en) * | 2019-09-05 | 2022-01-04 | 北京宝兰德软件股份有限公司 | Method for connecting unified authentication server and unified authentication adapter |
CN114827692A (en) * | 2022-04-29 | 2022-07-29 | 深圳市瑞云科技有限公司 | System for operating cloud desktop based on smart television |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20140012690A1 (en) * | 2012-07-05 | 2014-01-09 | Paynearme, Inc. | Systems and Methods for Facilitating Cash-Based Transactions |
CN104065616B (en) * | 2013-03-20 | 2017-06-20 | 中国移动通信集团公司 | Single-point logging method and system |
CN103501344B (en) * | 2013-10-10 | 2017-08-01 | 瑞典爱立信有限公司 | The method and system of single-sign-on are realized in many applications |
-
2014
- 2014-12-31 CN CN201410849669.8A patent/CN105812138B/en active Active
Also Published As
Publication number | Publication date |
---|---|
CN105812138A (en) | 2016-07-27 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108462704B (en) | Login validation method, device, computer equipment and storage medium | |
CN107294721B (en) | The method and apparatus of identity registration, certification based on biological characteristic | |
CN109413096B (en) | A kind of login method and device more applied | |
CN104378376B (en) | Single-point logging method, certificate server and browser based on SOA | |
US9292670B2 (en) | Systems and methods for generating and authenticating one time dynamic password based on context information | |
US10523665B2 (en) | Authentication on thin clients using independent devices | |
CN105246073B (en) | The access authentication method and server of wireless network | |
CN109450649A (en) | Gateway verification method and device based on application program interface and electronic equipment | |
CN112651011B (en) | Login verification method, device and equipment for operation and maintenance system and computer storage medium | |
US9756028B2 (en) | Methods, systems and computer program products for secure access to information | |
US9009793B2 (en) | Dynamic pin dual factor authentication using mobile device | |
CN105099707B (en) | A kind of offline authentication method, server and system | |
CN110213223A (en) | Business management method, device, system, computer equipment and storage medium | |
CN105681258B (en) | Session method and conversational device based on third-party server | |
CN108965341A (en) | The method, apparatus and system of login authentication | |
CN105022939B (en) | Information Authentication method and device | |
CN106453396A (en) | Double token account login method and login verification device | |
CN110365483A (en) | Cloud platform authentication method, client, middleware and system | |
JP2013097650A (en) | Authentication system, authentication method and authentication server | |
CN106254328B (en) | A kind of access control method and device | |
CN108600234A (en) | A kind of auth method, device and mobile terminal | |
CN103634111B (en) | Single-point logging method and system and single sign-on client-side | |
CN105812138B (en) | Processing method, device, user terminal and the login system of login | |
CN109829321A (en) | A kind of method, apparatus of authenticating identity, equipment and storage medium | |
CN110166471A (en) | A kind of portal authentication method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |