CN105812138B - Processing method, device, user terminal and the login system of login - Google Patents

Processing method, device, user terminal and the login system of login Download PDF

Info

Publication number
CN105812138B
CN105812138B CN201410849669.8A CN201410849669A CN105812138B CN 105812138 B CN105812138 B CN 105812138B CN 201410849669 A CN201410849669 A CN 201410849669A CN 105812138 B CN105812138 B CN 105812138B
Authority
CN
China
Prior art keywords
applications client
client
authentication
sent
subscriber identity
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201410849669.8A
Other languages
Chinese (zh)
Other versions
CN105812138A (en
Inventor
陈智勇
谢永方
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CN201410849669.8A priority Critical patent/CN105812138B/en
Publication of CN105812138A publication Critical patent/CN105812138A/en
Application granted granted Critical
Publication of CN105812138B publication Critical patent/CN105812138B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Abstract

The embodiment of the present invention provides processing method, device, user terminal and the login system of a kind of login, this method comprises: calibration equipment receives the authentication state of the user terminal corresponding subscriber identity information and the user terminal that Authentication Client is sent;The calibration equipment receives the registration request that the applications client is sent;The calibration equipment verifies the applications client according to the attribute information, and after verification passes through, and Xiang Suoshu applications client sends the message that succeeds in registration, to notify that the applications client is logged in;The calibration equipment receives after the log messages that the applications client is sent, the authentication state and the subscriber identity information are sent to the applications client, so that the applications client is after confirmation certification passes through, the login success message including the subscriber identity information is sent to log on to the application server, to reduce the load of certificate server to application server.

Description

Processing method, device, user terminal and the login system of login
Technical field
The present embodiments relate to the communication technology more particularly to a kind of processing method of login, device, user terminal and step on Recording system.
Background technique
Single-sign-on (Single Sign On, referred to as SSO) is in multiple application systems, for example, microblog system, postal Part system, Taobao's system, wechat system etc., user only need to log in a system once, so that it may access all mutual The application system of trust is one of the solution of business event integration popular at present.
Fig. 1 is the application scenarios schematic diagram of single-point logging method in the prior art.As shown in Figure 1, the scene includes certification Server 1, application server 2, Authentication Client 3 and applications client 4, wherein Authentication Client 3 and applications client 4 In the same user terminal.The subscriber identity information of user terminal is sent to certificate server 1 by Authentication Client 3, certification Server 1 compares subscriber identity information with user information database, carries out login authentication to user, after authenticating successfully, certification clothes Business, 1 generates unified authentication marks (token), and token is sent to Authentication Client 3, and Authentication Client 3 sends out token Applications client 4 is given, when applications client 4 logs in, token is sent to application server 2, application server 2 will Token is sent to certificate server, and certificate server 1 is verified and identified to the token sent, will after verification passes through Authentication result is sent to application server 2, and authentication result is sent to applications client 4 again by application server 2.
But since a user terminal is there are multiple applications clients, when each applications client logs in, require Token is verified into certificate server, so that the load of certificate server is big, certification speed is slow.
Summary of the invention
The embodiment of the present invention provides processing method, device, user terminal and the login system of a kind of login, effectively reduces The workload of certificate server accelerates the speed of single sign-on authentication to reduce the load of certificate server.
First aspect of the embodiment of the present invention provides a kind of processing method of login, and the processing method is applied to verification dress It sets, the calibration equipment, Authentication Client and applications client are located at same user terminal, comprising:
The calibration equipment receive the corresponding subscriber identity information of the user terminal that the Authentication Client is sent and The authentication state of the user terminal, the authentication state show what certificate server authenticated the subscriber identity information As a result;
The calibration equipment receives the registration request that the applications client is sent;Wherein, include in the registration request The attribute information of the applications client;
The calibration equipment verifies the applications client according to the attribute information, and after verification passes through, The message that succeeds in registration is sent to the applications client, to notify that the applications client is logged in;
After the calibration equipment receives the log messages that the applications client is sent, Xiang Suoshu applications client is sent The authentication state and the subscriber identity information so that the applications client confirmation certification pass through after, to application service Device sends the login success message including the subscriber identity information to log on to the application server.
In the first possible implementation of first aspect, the calibration equipment is according to the attribute information, to described Applications client is verified, and is specifically included:
The mapping relations of calibration equipment the inquiry verification mode and attribute information, obtain the category with the applications client The property corresponding verification mode of information;Wherein, the mapping relations are the mapping obtained by Authentication Client from certificate server Relationship;
The calibration equipment is answered according to the verification mode corresponding with the attribute information of the applications client described It is verified with client.
The possible implementation of with reference to first aspect the first, in second of possible implementation of first aspect, institute State the signing messages that attribute information is Message Digest 5 MD5 value, process name or process.
Second aspect of the embodiment of the present invention provides a kind of processing method of login, and the processing method is applied to certification client End, the Authentication Client, calibration equipment and applications client are located at same user terminal, comprising:
The Authentication Client sends the corresponding subscriber identity information of the user terminal to certificate server, so that described Certificate server authenticates the subscriber identity information;
The Authentication Client receives the authentication state for the user terminal that the certificate server is sent, wherein institute It states authentication state and shows the result that certificate server authenticates the subscriber identity information;
The subscriber identity information and the authentication state are sent to calibration equipment by the Authentication Client, so that described For calibration equipment after passing through to applications client verification, Xiang Suoshu applications client sends the subscriber identity information and institute State authentication state.
In the first possible implementation of second aspect, the Authentication Client receives the certificate server and sends The user terminal authentication state after, the method also includes:
The Authentication Client obtains the mapping relations of verification mode and attribute information to certificate server;
The mapping relations of the check system and attribute information are sent to the calibration equipment by the Authentication Client, with Make the calibration equipment according to verification mode corresponding with the attribute information of applications client, school is carried out to the applications client It tests.
In conjunction with the first possible implementation of second aspect, in second of possible implementation of second aspect, institute State the signing messages that attribute information is Message Digest 5 MD5 value, process name or process.
The third aspect of the embodiment of the present invention provides a kind of processing unit of login, comprising:
Receiving module, for receiving the corresponding subscriber identity information of user terminal and the user that Authentication Client is sent The authentication state of terminal;The authentication state shows the result that certificate server authenticates the subscriber identity information;
The receiving module is also used to receive the registration request of applications client transmission;Wherein, it is wrapped in the registration request Include the attribute information of the applications client;
Correction verification module, for being verified to the applications client, and pass through in verification according to the attribute information Afterwards, triggering sending module sends the message that succeeds in registration to the applications client, so that the applications client is logged in;
The receiving module is also used to receive the log messages that the applications client is sent;
The sending module is also used to send the authentication state and user identity letter to the applications client Breath, so that it includes the subscriber identity information that the applications client after confirmation certification passes through, is sent to application server Login success message is to log on to the application server.
In the first possible implementation of the third aspect, the correction verification module includes query unit and processing unit;
The query unit obtains and the application client for inquiring the mapping relations of verification mode and attribute information The corresponding verification mode of the attribute information at end;Wherein, the mapping relations are to be obtained by Authentication Client from certificate server Mapping relations;
The processing unit, for the verification mode corresponding with the attribute information of the applications client according to institute Applications client is stated to be verified.
Fourth aspect of the embodiment of the present invention provides a kind of processing unit of login, comprising: sending module, receiving module and recognizes Demonstrate,prove module;Wherein,
The authentication module sends the corresponding user identity letter of user terminal to certificate server by the sending module Breath, so that the certificate server authenticates the subscriber identity information;
The authentication module receives recognizing for the user terminal that the certificate server is sent by the receiving module Card state, wherein the authentication state shows the result that certificate server authenticates the subscriber identity information;
The subscriber identity information and the authentication state are also sent to by the sending module by the authentication module The calibration equipment, so that the calibration equipment is after passing through applications client verification, Xiang Suoshu applications client is sent out Send the subscriber identity information and the authentication state.
In the first possible implementation of fourth aspect, the authentication module is also by the receiving module to certification The mapping relations of server acquisition check system and attribute information;
The authentication module is also sent the check system and the mapping relations of attribute information by the sending module To calibration equipment, so that the calibration equipment is answered according to verification mode corresponding with the attribute information of applications client described It is verified with client.
The 5th aspect of the embodiment of the present invention provides a kind of user terminal, including Authentication Client, calibration equipment and application visitor Family end;
The Authentication Client for sending the corresponding subscriber identity information of user terminal to certificate server, and receives The subscriber identity information and the authentication state are sent institute by the authentication state for the user terminal that certificate server is sent It states to calibration equipment;Wherein, the authentication state shows the result that certificate server authenticates the subscriber identity information;
The calibration equipment, for receiving the subscriber identity information and user end that the Authentication Client is sent The authentication state at end includes according in the registration request after receiving the registration request that the applications client is sent Attribute information, the applications client is verified, and after verification passes through, Xiang Suoshu applications client transmission register Function message, after receiving the log messages that the applications client is sent, Xiang Suoshu applications client sends user's body Part information and the authentication state;
The applications client for sending the registration request to the calibration equipment, and is receiving the verification dress After setting the message that succeeds in registration of transmission, Xiang Suoshu calibration equipment sends log messages, receives the institute that the calibration equipment is sent After stating subscriber identity information and the authentication state, sending to application server includes logining successfully for the subscriber identity information Message is to log on to the application server.
In the first possible implementation of the 5th aspect, the Authentication Client is also used to obtain to certificate server The mapping relations of verification mode and attribute information, and the mapping relations of the check system and attribute information are sent to the school Experiment device;
The calibration equipment is also used to inquire the mapping relations of verification mode and attribute information, obtains and the application client The corresponding verification mode of the attribute information at end, and according to the verification mode corresponding with the attribute information of the applications client The applications client is verified.
The 6th aspect of the embodiment of the present invention provides a kind of login system, any one user provided including the 5th aspect is whole End and certificate server;
The certificate server, the subscriber identity information for being sent according to the user terminal received, to described User terminal is authenticated, and after certification passes through, and authentication state is sent to the user terminal;Wherein, the certification State shows the result that certificate server authenticates the subscriber identity information.
In the first possible implementation of the 6th aspect, the login system further includes application server, for connecing Receive the login success message that the user terminal is sent, and according to the subscriber identity information for including in the login success message, Acquisition and the associated account of the subscriber identity information, and allow the corresponding applications client of the account online;Wherein, described The incidence relation between the account and subscriber identity information of the applications client is stored in application server.
The possible implementation of with reference to first aspect the first, in second of possible implementation of first aspect, institute Certificate server is stated, is also used to configure the mapping between the attribute information and verification mode of the applications client of the user terminal Relationship, and the mapping relations are sent to the user terminal.
The processing method of login provided in this embodiment receives the user terminal that Authentication Client is sent by calibration equipment The authentication state of corresponding subscriber identity information and user terminal, when receive applications client transmission includes applications client Attribute information registration request after, according to attribute information, applications client is verified, and after verification passes through, Xiang Ying The message that succeeds in registration is sent with client, to notify applications client to be logged in, then receives stepping on for applications client transmission After recording message, subscriber identity information and authentication state are sent to applications client, so that applications client is logical in confirmation certification Later, the login success message including subscriber identity information is sent to log on to application server to application server.This implementation In example, since certificate server only needs to authenticate the subscriber identity information of user terminal, and authentication result is sent to Authentication Client, then calibration equipment is sent to by Authentication Client, when the applications client of user terminal logs in, do not need It is authenticated in certificate server, it is only necessary to which calibration equipment carries out verifying can be realized stepping on to the attribute information of applications client Record, is effectively reduced the load of certificate server, accelerates certification speed.
Detailed description of the invention
In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, to embodiment or will show below There is attached drawing needed in technical description to be briefly described, it should be apparent that, the accompanying drawings in the following description is this hair Bright some embodiments for those of ordinary skill in the art without any creative labor, can be with It obtains other drawings based on these drawings.
Fig. 1 is the application scenarios schematic diagram of single-point logging method in the prior art;
Fig. 2 is the application scenarios schematic diagram of the processing method of login provided in an embodiment of the present invention;
Fig. 3 is the processing method flow chart for the login that the embodiment of the present invention one provides;
Fig. 4 is the processing method flow chart of login provided by Embodiment 2 of the present invention;
Fig. 5 is the processing method flow chart for the login that the embodiment of the present invention three provides;
Fig. 6 is the processing method flow chart for the login that the embodiment of the present invention four provides;
Fig. 7 is the Signalling exchange schematic diagram of one example of processing method for the login that the embodiment of the present invention five provides;
Fig. 8 is the structural schematic diagram of the processing unit for the login that the embodiment of the present invention six provides;
Fig. 9 is the structural schematic diagram of the processing unit for the login that the embodiment of the present invention seven provides;
Figure 10 is the structure for the calibration equipment that the embodiment of the present invention eight provides;
Figure 11 is the structural schematic diagram of the processing unit for the login that the embodiment of the present invention nine provides;
Figure 12 is the structural schematic diagram for the Authentication Client that the embodiment of the present invention ten provides;
Figure 13 is the structural schematic diagram for the user terminal that the embodiment of the present invention 11 provides;
Figure 14 is the structural schematic diagram for the login system that the embodiment of the present invention 12 provides.
Specific embodiment
In order to make the object, technical scheme and advantages of the embodiment of the invention clearer, below in conjunction with the embodiment of the present invention In attached drawing, technical scheme in the embodiment of the invention is clearly and completely described, it is clear that described embodiment is A part of the embodiment of the present invention, instead of all the embodiments.Based on the embodiments of the present invention, those of ordinary skill in the art Every other embodiment obtained without creative efforts, shall fall within the protection scope of the present invention.
Fig. 2 is the application scenarios schematic diagram of the processing method of login provided in an embodiment of the present invention.As shown in Fig. 2, this is answered It include certificate server 10, user terminal 15 and application server 14 with scene, wherein user terminal 15 includes Authentication Client 11, calibration equipment 12 and applications client 13.It should be noted that the user terminal 15 may include multiple in the present embodiment Applications client is not limited with Fig. 2.
Fig. 3 is the processing method flow chart for the login that the embodiment of the present invention one provides.The processing method of the login is applied to Calibration equipment, calibration equipment, Authentication Client and applications client are located at same user terminal, as shown in figure 3, this method includes Following steps:
Step 101, calibration equipment receive the corresponding subscriber identity information of user terminal and user that Authentication Client is sent The authentication state of terminal.
In the present embodiment, authentication state show certificate server to subscriber identity information authenticated as a result, i.e. should Whether the corresponding subscriber identity information of user terminal passes through certification.Authentication Client sends user terminal to certificate server and corresponds to Subscriber identity information, certificate server authenticates the subscriber identity information, and after authentication is complete, by user terminal Authentication state be sent to Authentication Client, then by the authentication state of user terminal and pass through the user of certification by Authentication Client Identity information is handed down to calibration equipment and is saved.
Step 102, calibration equipment receive the registration request that applications client is sent.
It wherein, include the attribute information of applications client in registration request.
In the present embodiment, applications client is specifically as follows microblogging client, Mail Clients, Taobao's client, micro- Believe client etc., when applications client needs to carry out single-sign-on, first sends registration request, the registration request to calibration equipment In include applications client attribute information.
Step 103, calibration equipment verify applications client according to attribute information, and after verification passes through, Xiang Ying The message that succeeds in registration is sent with client, to notify applications client to be logged in.
In the present embodiment, calibration equipment can arbitrarily select a kind of verification side according to the attribute information of applications client Formula verifies applications client, can also be verified according to prespecified verification mode to applications client.Verification By rear, calibration equipment sends the message that succeeds in registration to applications client, and notice applications client starts to log in.If verification is lost It loses, then sends registration failure message to applications client, alternatively, do not send any message to applications client, then application client End not will do it single-sign-on.
After step 104, calibration equipment receive the log messages that applications client is sent, sends and authenticate to applications client State and subscriber identity information, so that it includes user's body that applications client after confirmation certification passes through, is sent to application server The login success message of part information is to log on to application server.
In the present embodiment, login success message includes subscriber identity information, and subscriber identity information is specially user terminal Corresponding mark, coding etc., for example, phone number.The account of the applications client is saved in application server with the user's Incidence relation between subscriber identity information, application server is after receiving the login success message, according to login success message In subscriber identity information obtain account associated by the subscriber identity information, and allow in the corresponding applications client of the account Line.
The processing method of login provided in this embodiment receives the user terminal that Authentication Client is sent by calibration equipment The authentication state of corresponding subscriber identity information and user terminal, when receive applications client transmission includes applications client Attribute information registration request after, according to attribute information, applications client is verified, and after verification passes through, Xiang Ying The message that succeeds in registration is sent with client, to notify applications client to be logged in, then receives stepping on for applications client transmission After recording message, subscriber identity information and authentication state are sent to applications client, so that applications client is logical in confirmation certification Later, the login success message including subscriber identity information is sent to log on to application server to application server.This implementation In example, since certificate server only needs to authenticate the subscriber identity information of user terminal, and authentication result is sent to Authentication Client, then calibration equipment is sent to by Authentication Client, when the applications client of user terminal logs in, do not need It is authenticated in certificate server, it is only necessary to which calibration equipment carries out verifying can be realized stepping on to the attribute information of applications client Record, is effectively reduced the load of certificate server, accelerates certification speed.
Fig. 4 is the processing method flow chart of login provided by Embodiment 2 of the present invention.On the basis of the above embodiment 1, As shown in figure 4, the specific implementation of step " calibration equipment verifies applications client according to attribute information " include with Lower step:
Step 201, calibration equipment inquiry verification mode and the mapping relations for verifying attribute information, acquisition and applications client The corresponding verification mode of attribute information.
Wherein, mapping relations are the mapping relations obtained by Authentication Client from certificate server.
In the present embodiment, verification mode and the mapping relations of verification attribute information are configured by certificate server, certification clothes Business device can flexibly configure corresponding verification mode according to the attribute information of applications client.Authentication Client is from authentication service It, will be using visitor after device obtains the verification mode of all applications clients of user terminal and the mapping relations of verification attribute information The verification mode at family end is sent to calibration equipment with verification attribute information and is stored.
Step 202, calibration equipment are according to verification mode corresponding with the attribute information of applications client, to applications client It is verified.
Optionally, in the present embodiment, attribute information is Message Digest Algorithm 5 (Message Digest Algorithm 5, abbreviation MD5) value, process name or process signing messages.
It should be noted that the method and step principle in the present embodiment in the realization principle and embodiment of other methods step Identical, details are not described herein again.
In the present embodiment, attribute information is specially the signing messages of MD5 value, process name or progress, certificate server Different verification modes is configured for different attribute informations, wherein the verification mode of legitimacy verifies is carried out most according to process name Simply, the verification mode for carrying out legitimacy verifies according to the signing messages of process is most stringent, and certificate server can be according to different The requirement of applications client flexibly configures different verification modes according to the attribute information of applications client, school is effectively ensured Test the safety of process.
The processing method of login provided in this embodiment, calibration equipment receive the note of the attribute information comprising applications client Volume request, inquiry verification mode and the mapping relations for verifying attribute information obtain corresponding with the attribute information of applications client Verification mode, and according to verification mode corresponding with the attribute information of applications client, applications client is verified, so that The applications client of user terminal does not need to be authenticated into certificate server when logging in, only by calibration equipment to application client The attribute information at end, which carries out verification, can be realized login, the workload of certificate server be effectively reduced, to reduce certification The load of server accelerates the speed of single sign-on authentication.Also, certificate server can be according to different applications clients It is required that flexibly configuring different verification modes according to the attribute information of applications client, the safety of checking procedure is effectively ensured Property.
Fig. 5 is the processing method flow chart for the login that the embodiment of the present invention three provides.The processing method of the login is applied to Authentication Client, Authentication Client, calibration equipment and applications client are located at same user terminal, as shown in figure 5, this method packet Include following steps:
Step 301, Authentication Client send the corresponding subscriber identity information of user terminal to certificate server, so that certification Server authenticates subscriber identity information.
In the present embodiment, subscriber identity information is specially the corresponding mark of user terminal, coding etc., for example, cell-phone number Code.
Step 302, Authentication Client receive the authentication state for the user terminal that certificate server is sent.
In the present embodiment, certificate server authenticates the corresponding subscriber identity information of user terminal, and certification passes through Afterwards, authentication state is sent to Authentication Client by certificate server.
Subscriber identity information and authentication state are sent to calibration equipment by step 303, Authentication Client, so that calibration equipment After passing through to applications client verification, subscriber identity information and authentication state are sent to applications client.
In the present embodiment, Authentication Client is sent out by the authentication state of user terminal and by the subscriber identity information of certification It gives calibration equipment to be saved, after calibration equipment, which carries out verification to applications client, to be passed through, and receives applications client hair After the log messages sent, calibration equipment answers the subscriber identity information of the user terminal and the authentication state applications client After passing through certification with client confirmation user terminal, sending to application server includes that logining successfully for subscriber identity information disappears Breath, to log on to application server.
It is corresponding to send user terminal from Authentication Client to certificate server for the processing method of login provided in this embodiment Subscriber identity information receive the user that certificate server is sent so that certificate server authenticates subscriber identity information The authentication state of terminal, and subscriber identity information and authentication state are sent to calibration equipment, so that calibration equipment is to application After client verification passes through, subscriber identity information and authentication state are sent to applications client.In the present embodiment, since certification takes Business device only authenticates the corresponding subscriber identity information of user terminal, and subscriber identity information and authentication state are sent to and recognized Client is demonstrate,proved, then calibration equipment is transmitted to by Authentication Client, each applications client of user terminal is only needed by calibration equipment Carrying out verification can be realized login, effectively reduce the workload of certificate server, so that the load of certificate server is reduced, Accelerate the speed of single sign-on authentication.
Fig. 6 is the processing method flow chart for the login that the embodiment of the present invention four provides.As shown in fig. 6, this method include with Lower step:
Step 401, Authentication Client send the corresponding subscriber identity information of user terminal to certificate server, so that certification Server authenticates subscriber identity information.
Step 402, Authentication Client receive the authentication state for the user terminal that certificate server is sent.
In the present embodiment, step 401 and step 402 respectively with the step 301 and step 302 in above-described embodiment three Realization principle is identical, and details are not described herein again.
Step 403, Authentication Client obtain the mapping relations of verification mode and attribute information to certificate server.
In the present embodiment, Authentication Client can send mapping relations request to certificate server, so that authentication service Device issues reflecting for preconfigured check system and attribute information after receiving mapping relations request, to Authentication Client Penetrate relationship;Alternatively, certificate server is actively handed down to certification after having configured the mapping relations of check system and attribute information Client.
The mapping relations of check system and attribute information are sent to calibration equipment by step 404, Authentication Client, so that school Experiment device verifies applications client according to verification mode corresponding with the attribute information of applications client.
In the present embodiment, Authentication Client by the mapping relations of check system and attribute information be sent to calibration equipment into Row saves, after the calibration equipment receives the registration request of applications client transmission, according to the application visitor in registration request The attribute information at family end selects corresponding verification mode, verifies to applications client.
Optionally, in the present embodiment, attribute information is the signing messages of MD5 value, process name or process.
In the present embodiment, attribute information is specially the signing messages of MD5 value, process name or progress, certificate server Different verification modes is configured for different attribute informations, wherein the verification mode of legitimacy verifies is carried out most according to process name Simply, the verification mode for carrying out legitimacy verifies according to the signing messages of process is most stringent, and certificate server can be according to different The requirement of applications client flexibly configures different verification modes according to the attribute information of applications client, school is effectively ensured Test the safety of process.
Subscriber identity information and authentication state are sent to calibration equipment by step 405, Authentication Client, so that calibration equipment After passing through to applications client verification, subscriber identity information and authentication state are sent to applications client.
In the present embodiment, step 405 is identical with the realization principle of the step 303 in above-described embodiment three, herein no longer It repeats.
It should be noted that in the present embodiment, step 404 and step 405 can be performed simultaneously, can also successively execute, and And do not limit sequencing.
The processing method of login provided in this embodiment, Authentication Client are corresponding to certificate server transmission user terminal It is whole to receive the user that certificate server is sent so that certificate server authenticates subscriber identity information for subscriber identity information The authentication state at end, and to the mapping relations of certificate server acquisition verification mode and attribute information, by check system and attribute The mapping relations of information are sent to calibration equipment, so that calibration equipment is according to verification corresponding with the attribute information of applications client Mode verifies applications client, and subscriber identity information and authentication state are sent to calibration equipment, so that verification fills It sets after passing through to applications client verification, sends subscriber identity information and authentication state to applications client.In the present embodiment, Certification visitor is sent to since certificate server only authenticates the corresponding subscriber identity information of user terminal, and by authentication result Family end, then calibration equipment is transmitted to by Authentication Client, each applications client of user terminal only needs to be carried out by calibration equipment Login can be realized in verification, effectively reduces and the workload of certificate server, thus reduce the load of certificate server, Accelerate the speed of single sign-on authentication.Moreover, certificate server can be according to the requirement of different applications clients, according to application The attribute information of client flexibly configures different verification modes, and the safety of checking procedure is effectively ensured.
Fig. 7 is the Signalling exchange schematic diagram of one example of processing method for the login that the embodiment of the present invention five provides.Based on upper Configuration diagram shown in Fig. 2 is stated, as shown in fig. 7, method includes the following steps:
Step 501, Authentication Client send the identity information of the corresponding user of user terminal to certificate server first.
After step 502, certificate server receive subscriber identity information, subscriber identity information is authenticated, certification is logical Later authentication state is sent to Authentication Client.
After step 503, Authentication Client receive authentication state, all of user terminal are obtained to certificate server and are answered With the verification mode of client and the mapping relations of attribute information.
The mapping relations of preconfigured verification mode and attribute information are sent to certification by step 504, certificate server Client.
The authentication state of subscriber identity information and user terminal is sent to calibration equipment by step 505, Authentication Client.
Step 506, calibration equipment receive and save the authentication state of subscriber identity information and user terminal.
The mapping relations of verification mode and attribute information are sent to calibration equipment by step 507, Authentication Client.
Step 508, calibration equipment receive and save the mapping relations of verification mode and attribute information.
Step 509, when applications client carry out single-sign-on when, to calibration equipment send include applications client attribute The registration message of information.
Step 510, calibration equipment select verification mode corresponding with the attribute information of applications client, to applications client Access legitimacy verified.
After step 511, verification pass through, calibration equipment sends the message that succeeds in registration to applications client, that is, allows using visitor Family end carry out single sign-on authentication, if do not return succeed in registration message if registration failure.
Step 512, applications client receive succeed in registration message after, to calibration equipment send log messages.
After step 513, calibration equipment receive log messages, subscriber identity information and certification shape are sent to applications client State.
After receiving authentication state, transmission login success message is complete to application server for step 514, applications client At single-sign-on.
The processing method of login provided in this embodiment reflects the check system of certificate server configuration and attribute information The authentication state for penetrating relationship, subscriber identity information and user terminal is stored into calibration equipment, when applications client carries out single-point When login, directly by calibration equipment according to verification mode corresponding with the acquisition of the attribute information of applications client, to application client End is verified, and is effectively reduced the workload of certificate server, to reduce the load of certificate server, is accelerated single-point The speed of login authentication.
Fig. 8 is the structural schematic diagram of the processing unit for the login that the embodiment of the present invention six provides.As shown in figure 8, the device Including receiving module 21, sending module 22 and correction verification module 23.Wherein, receiving module 21 is used to receive Authentication Client transmission The authentication state of user terminal corresponding subscriber identity information and user terminal, authentication state show certificate server to user's body The result that part information is authenticated;Receiving module 21 is used to receive the registration request of applications client transmission;Wherein, registration request In include applications client attribute information;Correction verification module 23 is used to verify applications client according to attribute information, and After verification passes through, triggering sending module 22 sends the message that succeeds in registration to applications client, so that applications client is stepped on Record;Receiving module 21 is also used to receive the log messages of applications client transmission;Sending module 22 is also used to applications client Authentication state and subscriber identity information are sent, so that applications client sends to application server and wraps after confirmation certification passes through The login success message of subscriber identity information is included to log on to application server.
The device of the present embodiment can be used for executing the technical solution of embodiment of the method shown in Fig. 3, realization principle and skill Art effect is similar, and details are not described herein again.
Fig. 9 is the structural schematic diagram of the processing unit for the login that the embodiment of the present invention seven provides.In above-described embodiment six On the basis of, as shown in figure 9, correction verification module 23 includes query unit 24 and processing unit 25.Wherein, query unit 24 is for inquiring The mapping relations of verification mode and attribute information obtain verification mode corresponding with the attribute information of applications client;Wherein, it reflects Penetrating relationship is the mapping relations obtained by Authentication Client from certificate server;Processing unit 25 is used for basis and application client The corresponding verification mode of the attribute information at end verifies applications client.
The device of the present embodiment can be used for executing the technical solution of embodiment of the method shown in Fig. 4, realization principle and skill Art effect is similar, and details are not described herein again.
Figure 10 is the structural schematic diagram for the calibration equipment that the embodiment of the present invention eight provides.As shown in Figure 10, the calibration equipment Including receiver 31, transmitter 32 and processor 33.Receiver 31 is used to receive recognizing for the user terminal of Authentication Client transmission Card state and subscriber identity information;Receiver 31 is used to receive the registration request of applications client transmission;Wherein, in registration request Attribute information including applications client;Processor 33 is used to verify applications client, and according to attribute information in school It tests by rear, triggering transmitter 32 sends the message that succeeds in registration to applications client, so that applications client is logged in;It receives Device 31 is also used to receive the log messages of applications client transmission;Transmitter 32 is also used to send authentication state to applications client And subscriber identity information, so that it includes that user identity is believed that applications client after confirmation certification passes through, is sent to application server Login success message is ceased to log on to application server.
Further, in the present embodiment, processor 33 is also used to inquire the mapping relations of verification mode and attribute information, Verification mode corresponding with the attribute information of applications client is obtained, and according to school corresponding with the attribute information of applications client Proved recipe formula verifies applications client.
Closer, in the present embodiment, verification client may also include memory (not shown), for storing The mapping relations of applications client transmission authentication state and verification mode and attribute information.
The verification client of the present embodiment can be used for executing the processing method logged in provided by Fig. 3 or Fig. 4 of the present invention Technical solution, it is similar that the realization principle and technical effect are similar, and details are not described herein again.
Figure 11 is the structural schematic diagram of the processing unit for the login that the embodiment of the present invention nine provides.As shown in figure 11, the dress It sets including 41 receiving module 42 of sending module and authentication module 43.Authentication module 43 is sent out by sending module 41 to certificate server Send user terminal corresponding subscriber identity information, so that certificate server authenticates subscriber identity information;Authentication module 43 The authentication state for the user terminal that certificate server is sent is received by receiving module 42;Authentication module 43 passes through sending module 41 Subscriber identity information and authentication state are sent to calibration equipment so that calibration equipment to applications client verification pass through after, Subscriber identity information and authentication state are sent to applications client.
Further, in the present embodiment, authentication module 43 is also obtained to certificate server by receiving module 42 and is examined The mapping relations of mode and attribute information;Authentication module 43 also passes through sending module 41 for the mapping of check system and attribute information Relationship is sent to calibration equipment, so that calibration equipment is according to verification mode corresponding with the attribute information of applications client, it is corresponding It is verified with client.
The device of the present embodiment can be used for executing the technical solution of embodiment of the method shown in Fig. 5 or Fig. 6, realize former Reason is similar with technical effect, and details are not described herein again.
Figure 12 is the structural schematic diagram for the Authentication Client that the embodiment of the present invention ten provides.As shown in figure 12, client is authenticated End includes transmitter 44, receiver 45 and processor 46.Processor 46 sends user's end to certificate server by transmitter 44 Corresponding subscriber identity information is held, so that certificate server authenticates subscriber identity information;Processor 46 passes through receiver 45 receive the authentication state for the user terminal that certificate server is sent;Processor 46 by transmitter 44 by subscriber identity information and Authentication state is sent to calibration equipment, so that calibration equipment is sent after passing through to applications client verification to applications client Subscriber identity information and authentication state.
Further, in the present embodiment, processor 46 also obtains check system to certificate server by receiver 45 With the mapping relations of attribute information;Processor 46 is also sent check system and the mapping relations of attribute information by transmitter 44 To calibration equipment, so that calibration equipment is according to verification mode corresponding with the attribute information of applications client, to applications client It is verified.
The device of the present embodiment can be used for executing the technical solution of embodiment of the method shown in Fig. 5 or Fig. 6, realize former Reason is similar with technical effect, and details are not described herein again.
Figure 13 is the structural schematic diagram for the user terminal that the embodiment of the present invention 11 provides.As shown in figure 12, user terminal Including Authentication Client 51, calibration equipment 52 and applications client 53.Authentication Client 51 is used to send to certificate server and use The corresponding subscriber identity information of family terminal, and the authentication state of the user terminal of certificate server transmission is received, by user identity Information and the authentication state of user terminal are sent to calibration equipment 52;Calibration equipment 52 is used to receive what Authentication Client hair 51 was sent The authentication state of subscriber identity information and user terminal, after the registration request for receiving the transmission of applications client 53, according to The attribute information for including in registration request verifies applications client 53, and after verification passes through, to applications client 53 Transmission is succeeded in registration message, after receiving the log messages that applications client 53 is sent, sends user to applications client 53 Identity information and authentication state;It wherein, include the attribute information of applications client 53 in registration request;Applications client 53 is used for Registration request is sent to calibration equipment 52, and after receiving the message that succeeds in registration that calibration equipment 52 is sent, to calibration equipment 52 send log messages, after receiving the subscriber identity information and authentication state that calibration equipment 52 is sent, send to application server Including subscriber identity information login success message to log on to the application server.
Further, in the present embodiment, Authentication Client 51 is also used to obtain verification mode and category to certificate server The mapping relations of property information, and the mapping relations of check system and attribute information are sent to calibration equipment 52;Calibration equipment 52 It is also used to inquire the mapping relations of verification mode and attribute information, obtains verification corresponding with the attribute information of applications client 53 Mode, and applications client 53 is verified according to verification mode corresponding with the attribute information of applications client 53.
The user terminal of the present embodiment can be used for executing the processing method of login provided by any embodiment of the invention Technical solution, it is similar that the realization principle and technical effect are similar, and details are not described herein again.
Figure 14 is the structural schematic diagram for the login system that the embodiment of the present invention 12 provides.As shown in figure 14, the login system System includes the user terminal 61 and certificate server 62 that embodiment illustrated in fig. 13 provides.Wherein, certificate server 62 is used for basis The subscriber identity information that the user terminal received is sent, authenticates user terminal, and after certification passes through, will authenticate State is sent to user terminal, and authentication state shows the result that certificate server authenticates subscriber identity information.
Further, in the present embodiment, login system further includes that application server (not shown) is used for receiving The login success message that family terminal is sent, and according to the subscriber identity information for including in login success message, it obtains and user's body The account of part information association, and allow the applications client of the corresponding user terminal 61 of account online;Wherein, in application server Store the incidence relation between the account and subscriber identity information of applications client;Certificate server 62 is also used to configure user's end Mapping relations between the attribute information and verification mode of the applications client at end, and mapping relations are sent to user terminal.
The login system of the present embodiment can be used for executing the processing method of login provided by any embodiment of the invention Technical solution, it is similar that the realization principle and technical effect are similar, and details are not described herein again.
Those of ordinary skill in the art will appreciate that: realize that all or part of the steps of above-mentioned each method embodiment can lead to The relevant hardware of program instruction is crossed to complete.Program above-mentioned can be stored in a computer readable storage medium.The journey When being executed, execution includes the steps that above-mentioned each method embodiment to sequence;And storage medium above-mentioned include: ROM, RAM, magnetic disk or The various media that can store program code such as person's CD.
Finally, it should be noted that the above embodiments are only used to illustrate the technical solution of the present invention., rather than its limitations;To the greatest extent Pipe present invention has been described in detail with reference to the aforementioned embodiments, those skilled in the art should understand that: its according to So be possible to modify the technical solutions described in the foregoing embodiments, or to some or all of the technical features into Row equivalent replacement;And these are modified or replaceed, various embodiments of the present invention technology that it does not separate the essence of the corresponding technical solution The range of scheme.

Claims (13)

1. a kind of processing method of login, which is characterized in that the processing method be applied to calibration equipment, the calibration equipment, Authentication Client and applications client are located at same user terminal, comprising:
The calibration equipment receives the corresponding subscriber identity information of the user terminal that the Authentication Client is sent and described The authentication state of user terminal, the authentication state show the knot that certificate server authenticates the subscriber identity information Fruit;
The calibration equipment receives the registration request that the applications client is sent;It wherein, include described in the registration request The attribute information of applications client;
The calibration equipment verifies the applications client according to the attribute information, and after verification passes through, to institute It states applications client and sends the message that succeeds in registration, to notify that the applications client is logged in;
After the calibration equipment receives the log messages that the applications client is sent, described in the transmission of Xiang Suoshu applications client Authentication state and the subscriber identity information, so that the applications client is sent out after confirmation certification passes through to application server The login success message including the subscriber identity information is sent to log on to the application server.
2. the method according to claim 1, wherein the calibration equipment is according to the attribute information, to described Applications client is verified, and is specifically included:
The mapping relations of calibration equipment the inquiry verification mode and attribute information, obtain and believe with the attribute of the applications client Cease corresponding verification mode;Wherein, the mapping relations are the mapping relations obtained by Authentication Client from certificate server;
The calibration equipment is according to the verification mode corresponding with the attribute information of the applications client to the application visitor Family end is verified.
3. method according to claim 1 or claim 2, which is characterized in that the attribute information be Message Digest 5 MD5 value, into The signing messages of journey name or process.
4. a kind of processing method of login, which is characterized in that the processing method is applied to Authentication Client, the certification client End, calibration equipment and applications client are located at same user terminal, comprising:
The Authentication Client sends the corresponding subscriber identity information of the user terminal to certificate server, so that the certification Server authenticates the subscriber identity information;
The Authentication Client receives the authentication state for the user terminal that the certificate server is sent;Wherein, described to recognize Card state shows the result that certificate server authenticates the subscriber identity information;
The subscriber identity information and the authentication state are sent to calibration equipment by the Authentication Client, so that the verification After passing through to applications client verification, Xiang Suoshu applications client sends the subscriber identity information and described recognizes device Card state;
After the Authentication Client receives the authentication state for the user terminal that the certificate server is sent, the method Further include:
The Authentication Client obtains the mapping relations of verification mode and attribute information to certificate server;
The mapping relations of the verification mode and attribute information are sent to the calibration equipment by the Authentication Client, so that institute The mapping relations that calibration equipment inquires the verification mode and attribute information are stated, the attribute information with the applications client is obtained Corresponding verification mode, and according to verification mode corresponding with the attribute information of the applications client, to the application client End is verified.
5. according to the method described in claim 4, it is characterized in that, the attribute information is Message Digest 5 MD5 value, process The signing messages of name or process.
6. a kind of processing unit of login characterized by comprising
Receiving module, for receiving the corresponding subscriber identity information of user terminal of Authentication Client transmission and recognizing for user terminal Card state;The authentication state shows the result that certificate server authenticates the subscriber identity information;
The receiving module is also used to receive the registration request of applications client transmission;It wherein, include institute in the registration request State the attribute information of applications client;
Correction verification module is touched for verifying to the applications client, and after verification passes through according to the attribute information Hair sending module sends the message that succeeds in registration to the applications client, so that the applications client is logged in;
The receiving module is also used to receive the log messages that the applications client is sent;
The sending module is also used to send the authentication state and the subscriber identity information to the applications client, with Make the applications client confirmation certification pass through after, to application server send include the subscriber identity information login at Function message is to log on to the application server.
7. device according to claim 6, which is characterized in that the correction verification module includes query unit and processing unit;
The query unit obtains and the applications client for inquiring the mapping relations of verification mode and attribute information The corresponding verification mode of attribute information;Wherein, the mapping relations are to be reflected by Authentication Client from what certificate server obtained Penetrate relationship;
The processing unit, for being answered according to the verification mode corresponding with the attribute information of the applications client described It is verified with client.
8. a kind of processing unit of login characterized by comprising sending module, receiving module and authentication module;Wherein,
The authentication module sends the corresponding subscriber identity information of user terminal to certificate server by the sending module, with Authenticate the certificate server to the subscriber identity information;
The authentication module receives the certification shape for the user terminal that the certificate server is sent by the receiving module State;Wherein, the authentication state shows the result that certificate server authenticates the subscriber identity information;
The subscriber identity information and the authentication state are also sent to verification by the sending module by the authentication module Device, so that the calibration equipment is after passing through applications client verification, Xiang Suoshu applications client sends user's body Part information and the authentication state;
The authentication module is also closed by the receiving module to the mapping that certificate server obtains verification mode and attribute information System;
The mapping relations of the verification mode and attribute information are also sent to school by the sending module by the authentication module Experiment device obtains and the application visitor so that the calibration equipment inquires the mapping relations of the verification mode and attribute information The corresponding verification mode of the attribute information at family end, and according to verification mode corresponding with the attribute information of the applications client, The applications client is verified.
9. a kind of user terminal, which is characterized in that including Authentication Client, calibration equipment and applications client;
The Authentication Client for sending the corresponding subscriber identity information of user terminal to certificate server, and receives certification The subscriber identity information and the authentication state are sent to described by the authentication state for the user terminal that server is sent Calibration equipment;Wherein, the authentication state shows the result that certificate server authenticates the subscriber identity information;
The calibration equipment, for receiving the subscriber identity information that the Authentication Client is sent and the user terminal Authentication state, after receiving the registration request that the applications client is sent, according to the category for including in the registration request Property information, the applications client is verified, and after verification passes through, the transmission of Xiang Suoshu applications client succeeds in registration and disappears Breath, after receiving the log messages that the applications client is sent, Xiang Suoshu applications client sends the user identity letter Breath and the authentication state;
The applications client for sending the registration request to the calibration equipment, and is receiving the calibration equipment hair After the message that succeeds in registration sent, Xiang Suoshu calibration equipment sends log messages, receives the use that the calibration equipment is sent After family identity information and the authentication state, the login success message including the subscriber identity information is sent to application server To log on to the application server.
10. user terminal according to claim 9, which is characterized in that
The Authentication Client is also used to obtain the mapping relations of verification mode and attribute information to certificate server, and will be described Verification mode and the mapping relations of attribute information are sent to the calibration equipment;
The calibration equipment is also used to inquire the mapping relations of verification mode and attribute information, obtains and the applications client The corresponding verification mode of attribute information, and according to the verification mode corresponding with the attribute information of the applications client to institute Applications client is stated to be verified.
11. a kind of login system, which is characterized in that including the user terminal and certificate server as described in claim 9 or 10;
The certificate server, the subscriber identity information for being sent according to the user terminal received, to the user Terminal is authenticated, and after certification passes through, and authentication state is sent to the user terminal;Wherein, the authentication state Show the result that certificate server authenticates the subscriber identity information.
12. login system according to claim 11, which is characterized in that the login system further includes application server, The login success message sent for receiving the user terminal, and according to the user identity for including in the login success message Information, acquisition and the associated account of the subscriber identity information, and allow the corresponding applications client of the account online;Its In, the incidence relation between the account and subscriber identity information of the applications client is stored in the application server.
13. login system according to claim 11 or 12, which is characterized in that the certificate server is also used to configure Mapping relations between the attribute information and verification mode of the applications client of the user terminal, and the mapping relations are sent out Give the user terminal.
CN201410849669.8A 2014-12-31 2014-12-31 Processing method, device, user terminal and the login system of login Active CN105812138B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410849669.8A CN105812138B (en) 2014-12-31 2014-12-31 Processing method, device, user terminal and the login system of login

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410849669.8A CN105812138B (en) 2014-12-31 2014-12-31 Processing method, device, user terminal and the login system of login

Publications (2)

Publication Number Publication Date
CN105812138A CN105812138A (en) 2016-07-27
CN105812138B true CN105812138B (en) 2019-05-28

Family

ID=56421506

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410849669.8A Active CN105812138B (en) 2014-12-31 2014-12-31 Processing method, device, user terminal and the login system of login

Country Status (1)

Country Link
CN (1) CN105812138B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106209905B (en) * 2016-08-16 2020-01-24 新华三技术有限公司 Network security management method and device
CN110572388B (en) * 2019-09-05 2022-01-04 北京宝兰德软件股份有限公司 Method for connecting unified authentication server and unified authentication adapter
CN114827692A (en) * 2022-04-29 2022-07-29 深圳市瑞云科技有限公司 System for operating cloud desktop based on smart television

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140012690A1 (en) * 2012-07-05 2014-01-09 Paynearme, Inc. Systems and Methods for Facilitating Cash-Based Transactions
CN104065616B (en) * 2013-03-20 2017-06-20 中国移动通信集团公司 Single-point logging method and system
CN103501344B (en) * 2013-10-10 2017-08-01 瑞典爱立信有限公司 The method and system of single-sign-on are realized in many applications

Also Published As

Publication number Publication date
CN105812138A (en) 2016-07-27

Similar Documents

Publication Publication Date Title
CN108462704B (en) Login validation method, device, computer equipment and storage medium
CN107294721B (en) The method and apparatus of identity registration, certification based on biological characteristic
CN109413096B (en) A kind of login method and device more applied
CN104378376B (en) Single-point logging method, certificate server and browser based on SOA
US9292670B2 (en) Systems and methods for generating and authenticating one time dynamic password based on context information
US10523665B2 (en) Authentication on thin clients using independent devices
CN105246073B (en) The access authentication method and server of wireless network
CN109450649A (en) Gateway verification method and device based on application program interface and electronic equipment
CN112651011B (en) Login verification method, device and equipment for operation and maintenance system and computer storage medium
US9756028B2 (en) Methods, systems and computer program products for secure access to information
US9009793B2 (en) Dynamic pin dual factor authentication using mobile device
CN105099707B (en) A kind of offline authentication method, server and system
CN110213223A (en) Business management method, device, system, computer equipment and storage medium
CN105681258B (en) Session method and conversational device based on third-party server
CN108965341A (en) The method, apparatus and system of login authentication
CN105022939B (en) Information Authentication method and device
CN106453396A (en) Double token account login method and login verification device
CN110365483A (en) Cloud platform authentication method, client, middleware and system
JP2013097650A (en) Authentication system, authentication method and authentication server
CN106254328B (en) A kind of access control method and device
CN108600234A (en) A kind of auth method, device and mobile terminal
CN103634111B (en) Single-point logging method and system and single sign-on client-side
CN105812138B (en) Processing method, device, user terminal and the login system of login
CN109829321A (en) A kind of method, apparatus of authenticating identity, equipment and storage medium
CN110166471A (en) A kind of portal authentication method and device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant