CN106850699B - A kind of mobile terminal login authentication method and system - Google Patents
A kind of mobile terminal login authentication method and system Download PDFInfo
- Publication number
- CN106850699B CN106850699B CN201710229518.6A CN201710229518A CN106850699B CN 106850699 B CN106850699 B CN 106850699B CN 201710229518 A CN201710229518 A CN 201710229518A CN 106850699 B CN106850699 B CN 106850699B
- Authority
- CN
- China
- Prior art keywords
- app
- login
- token
- mobile terminal
- key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 62
- 238000012795 verification Methods 0.000 claims abstract description 47
- 238000003860 storage Methods 0.000 claims abstract description 7
- 238000005516 engineering process Methods 0.000 abstract description 11
- 230000000694 effects Effects 0.000 abstract description 4
- 101150053844 APP1 gene Proteins 0.000 description 58
- 101100189105 Homo sapiens PABPC4 gene Proteins 0.000 description 58
- 102100039424 Polyadenylate-binding protein 4 Human genes 0.000 description 58
- 101100055496 Arabidopsis thaliana APP2 gene Proteins 0.000 description 34
- 101100016250 Saccharomyces cerevisiae (strain ATCC 204508 / S288c) GYL1 gene Proteins 0.000 description 34
- 238000012545 processing Methods 0.000 description 33
- 238000007726 management method Methods 0.000 description 24
- 238000010586 diagram Methods 0.000 description 18
- 230000008569 process Effects 0.000 description 16
- 230000006378 damage Effects 0.000 description 12
- 230000006870 function Effects 0.000 description 10
- 238000004458 analytical method Methods 0.000 description 9
- 238000004590 computer program Methods 0.000 description 7
- 238000012423 maintenance Methods 0.000 description 7
- 238000011161 development Methods 0.000 description 4
- 238000001514 detection method Methods 0.000 description 3
- 230000003993 interaction Effects 0.000 description 3
- 230000002452 interceptive effect Effects 0.000 description 2
- 230000002265 prevention Effects 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 1
- 238000004140 cleaning Methods 0.000 description 1
- 230000000977 initiatory effect Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Telephonic Communication Services (AREA)
Abstract
The present invention provides a kind of mobile terminal login authentication method and systems, and for carrying out login authentication to the APP on mobile terminal, method includes: to receive the logging request of APP;The transaction token including user login information of mobile terminal storage is obtained according to the logging request and is sent to APP server;It receives the dynamic key application request of the APP server and safety verification is carried out to the APP server and send token dynamic key to by the APP server of the safety verification;APP server parses the transaction token acquisition user login information and the user login information is sent to APP according to the token dynamic key completes login authentication.Realize the unified identity authentication of mobile terminal.The token information in authentication procedures is generated by key encrypted and digitally signed technology with key medium, promotes the safety of entire certification link, and improves convenience and experience effect that mobile terminal uses.
Description
Technical Field
The invention relates to a security technology, in particular to a login authentication method and system for a mobile terminal.
Background
With the high-speed development of the mobile internet, mobile office becomes an important development trend of enterprises in the future, and the APP of mobile terminals in the enterprises is increased. Due to the lack of unified planning and management, these discrete and independent APP applications do not bring good experience to users, and the login security and management standardization thereof also bring higher challenges to enterprises, which are mainly embodied in the following points:
since the APP applications use independent identity authentication mechanisms, a user needs to input a user name and a password for verification when logging in. For users, the APP authentication uses corresponding user names and passwords inside enterprises, repeated input is needed each time, and the usability is insufficient.
Because the APP uses the identity authentication management modules developed by the APP, the phenomenon of inconsistent login security requirements exists, and meanwhile, the unified planning and management of the internal security of an enterprise are not facilitated.
Because the identity authentication modules applied by the APP are respectively maintained by different teams, the cost of subsequent upgrading maintenance is high, the upgrading convenience is not sufficient, and the labor cost of an enterprise cannot be effectively saved.
In summary, the different complex identity authentication processes of many application software make users feel inconvenient, the development difficulty and maintenance cost of software developers are increased, and the authentication modules with different applications repeatedly occupy the storage resources of the mobile terminal.
Disclosure of Invention
The embodiment of the invention provides a mobile terminal login authentication method, which is used for login authentication of APP on a mobile terminal and comprises the following steps:
receiving a login request of an APP;
obtaining a transaction token which is stored by the mobile terminal and comprises user login information according to the login request, and sending the transaction token to the APP server;
receiving a dynamic key application request of the APP server, performing security verification on the APP server, and sending a token dynamic key to the APP server passing the security verification;
and the APP server analyzes the transaction token according to the token dynamic key to obtain user login information and sends the user login information to the APP to finish login authentication.
In the embodiment of the present invention, the login request includes: and the APP application unique identifier is a key name of the APP application.
In the embodiment of the present invention, the user login information includes: and the user name, the password, the login time and the mobile equipment serial number are stored when the login is successful.
In the embodiment of the present invention, the obtaining a transaction token including user login information stored in a mobile terminal according to the login request and sending the transaction token to an APP server includes:
judging whether the mobile terminal stores a transaction token comprising user login information;
determining that a transaction token comprising user login information is stored in the mobile terminal, and sending the transaction token to the APP server.
In the embodiment of the present invention, the obtaining a transaction token including user login information stored in a mobile terminal according to the login request and sending the transaction token to an APP server further includes:
when the fact that the transaction token is not stored in the mobile terminal is determined, a user name and a password input by a user are verified;
when the user name and the password input by the user are verified to be correct, a dynamic key pair corresponding to the login is generated;
generating a transaction token according to the dynamic key pair and the user login information through a token generation algorithm;
and storing the transaction token in a memory of the mobile terminal.
In the embodiment of the present invention, the receiving a dynamic key application request of the APP server and performing security verification on the APP server to send a token dynamic key to the APP server that passes the security verification includes:
acquiring an APP application unique identifier in a dynamic key application request of an APP server;
determining a public key of the APP according to the unique APP application identifier;
decrypting the dynamic key application request by using the determined public key of the APP, and determining that the APP server passes the security verification after the decryption is passed;
and sending the token dynamic key to the APP server passing the security verification.
In the embodiment of the present invention, the method further includes:
registering an APP (application) on a mobile terminal, and generating and storing key information of the APP, wherein the key information comprises: public key, private key, and regard the key name as the unique sign of APP application.
Meanwhile, the invention also provides a mobile terminal login authentication system, which is used for performing login authentication on the APP on the mobile terminal equipment and comprises the following steps: an identity authentication device and an identity authentication server;
the identity authentication device includes:
the login request receiving module is used for receiving a login request of the APP;
the token acquisition module is used for acquiring a transaction token comprising user login information according to the login request and sending the transaction token to the APP server;
the identity authentication server includes:
the APP server verification module is used for receiving a dynamic key application request of the APP server and performing security verification on the APP server;
the token key sending module is used for sending a token dynamic key to the APP server passing the security verification;
and the APP server analyzes the transaction token according to the token dynamic key to obtain user login information and sends the user login information to the APP to finish login authentication.
In an embodiment of the present invention, the token obtaining module includes:
the judging unit is used for judging whether the mobile terminal stores a transaction token comprising user login information;
and the sending unit is used for determining that the transaction token comprising user login information is stored in the mobile terminal and sending the transaction token to the APP server.
In this embodiment of the present invention, the token obtaining module further includes:
the password verification unit is used for verifying a user name and a password input by a user when the mobile terminal is determined not to store a transaction token;
the key pair generation unit is used for generating a dynamic key pair corresponding to the login when the user name and the password input by the user are verified to be correct;
and the token generation unit is used for generating a transaction token according to the dynamic key pair and the user login information through a token generation algorithm and storing the transaction token into the memory of the mobile terminal.
In the embodiment of the present invention, the APP server verification module includes:
the identifier obtaining unit is used for obtaining the unique identifier of the APP in the dynamic key application request of the APP server;
a public key determining unit, configured to determine a public key of the APP according to the APP application unique identifier;
and the decryption unit decrypts the dynamic key application request by using the determined public key of the APP, and determines that the APP server passes the security verification after the decryption passes.
In the embodiment of the present invention, the identity authentication apparatus further includes:
the registration module is used for registering the APP on the mobile terminal and generating the key information of the APP, wherein the key information comprises: public key, private key, and regard the key name as the unique sign of APP application.
In the embodiment of the present invention, the identity authentication server further includes:
and the storage module is used for storing the key information of the registered APP application.
The invention provides a mobile terminal identity login authentication system and a mobile terminal identity login authentication method. In the authentication link, a unique and tamper-proof token with a non-fixed length is generated by adopting key encryption and digital signature technologies, and a dynamic key of a forgery-proof request is used in the encryption process, so that the security of the authentication link is further improved. Meanwhile, the control of repeated login of a plurality of devices is realized by uniformly recording the related information of the login request in the background database of the identity authentication server.
In order to make the aforementioned and other objects, features and advantages of the invention comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a flowchart of a login authentication method for a mobile terminal according to the present invention;
FIG. 2 is a block diagram of a login authentication system of a mobile terminal according to the present invention;
fig. 3 is a block diagram of an identity authentication system of a mobile terminal according to an embodiment of the present invention;
FIG. 4 is a block diagram of an identity authentication module according to an embodiment of the present invention;
FIG. 5 is a block diagram of a token management module according to an embodiment of the present invention;
FIG. 6 is a block diagram of a key management module according to an embodiment of the present invention;
fig. 7 is a flowchart illustrating an embodiment of an identity authentication method of a mobile terminal according to the present invention;
fig. 8 is a flowchart illustrating an embodiment of an identity authentication method of a mobile terminal according to the present invention;
fig. 9 is a flowchart of an embodiment of an identity authentication method of a mobile terminal according to the present invention;
fig. 10 is a flowchart illustrating an example of an identity authentication method of a mobile terminal according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The present invention provides a login authentication method for a mobile terminal, which is used for performing login authentication on an APP on the mobile terminal, and as shown in fig. 1, is a flowchart of the login authentication method for the mobile terminal provided by the present invention, and includes:
step S1001, receiving a login request of an APP;
step S1002, obtaining a transaction token including user login information stored by the mobile terminal according to the login request and sending the transaction token to the APP server;
step S1003, receiving a dynamic key application request of the APP server, performing security verification on the APP server, and sending a token dynamic key to the APP server passing the security verification;
step S1004, the APP server analyzes the transaction token according to the token dynamic key to obtain user login information and sends the user login information to the APP to complete login authentication.
Meanwhile, the present invention also provides a mobile terminal login authentication system, a structural block diagram of which is shown in fig. 2, for performing login authentication on the APP204 on the mobile terminal device 203, including: an authentication device 201 and an authentication server 202; wherein,
the identity authentication device 201 comprises:
the login request receiving module is used for receiving a login request of the APP;
the token acquisition module is used for acquiring a transaction token comprising user login information according to the login request and sending the transaction token to the APP server;
the identity authentication server 202 includes:
the APP server verification module is used for receiving a dynamic key application request of the APP server and performing security verification on the APP server;
the token key sending module is used for sending a token dynamic key to the APP server passing the security verification;
and the APP server analyzes the transaction token according to the token dynamic key to obtain user login information and sends the user login information to the APP to finish login authentication.
The invention overcomes the problems of the existing mobile terminal multi-APP identity authentication in the aspects of usability, safety, maintenance convenience and the like, provides a mobile terminal identity authentication system and a mobile terminal identity authentication method, and realizes the unified identity authentication of the mobile terminal. In addition, the token information in the identity authentication process is generated by using a key medium through key encryption and digital signature technologies, so that the safety of the whole authentication link is improved, and the convenience and the experience effect of the use of the mobile terminal are improved. The technical solution of the present invention is further described in detail with reference to specific examples.
Fig. 3 is an architecture diagram of an identity authentication system of a mobile terminal according to the present invention. As shown in fig. 3, the identity authentication system of the present embodiment includes an identity authentication APP application 1, an identity authentication APP server 2, an identity authentication APP database 3, a mobile APP1 application 4, a mobile APP1 server 5, a mobile APP1 database 6, a mobile APP2 application 7, a mobile APP2 server 8, a mobile APP2 database 9, and a Token (Token) 10.
In this embodiment, the identity authentication APP application 1 includes an identity authentication module 11, a token management module 12, and a key management module 13. The mobile APP1 application 4 includes a login module 41, an exit module 42, an authentication common module 43 and some business processing modules 44 of its own. The mobile APP2 application 7 includes a login module 71, an exit module 72, an authentication common module 73 and some business processing modules 74 of its own. The mobile APP1 application 4 calls the standard login and exit interface packaged authentication public module 43 provided by the identity authentication APP1 through the login module 41 or the exit module 42 to perform authentication request interaction. The mobile APP1 application 7 calls the standard login and exit interface packaged authentication common module 73 provided by the identity authentication APP1 through the login module 71 or the exit module 72 to perform authentication request interaction. The Token (Token)10 in the authentication process is responsible for generation and maintenance by the identity authentication APP application 1. The mobile APP1 server 5 and the mobile APP2 server 8 perform server legal identity verification through interaction with the identity authentication APP server 2, and acquire a dynamic key to analyze an authentication processing result after the verification is passed.
Fig. 4 is a structural diagram of an identity authentication module of the identity authentication APP application 1 in fig. 3 according to an embodiment of the present invention. As shown in fig. 4, the identity authentication module 11 includes: a login authentication module 111, an exit management module 112, an encryption module 113, and a decryption module 114. Wherein: the login authentication module 111 provides a unified login authentication interface for the mobile APP application, receives login requests from the mobile APP, and performs request parsing by calling the decryption module 114. Meanwhile, the login authentication module 111 determines whether the login Token (Token)10 information exists in the memory, provides a standard login interface for the authentication request without the Token, dynamically encrypts the user name and password input by the user by calling the encryption module 113, and submits the encrypted user name and password to the identity authentication APP server 2 for verification. For the existing login token information, the token parsing module 124 is called to read and parse the token and generate a request token to be returned to the requesting mobile APP application.
In an embodiment of the present invention, the exit management module 112 provides a unified exit interface for the mobile APP application, receives an exit request from the mobile APP application, and performs request parsing by calling the decryption module 114. Meanwhile, the logout management module 112 submits the logout request to the identity authentication APP server 2, the identity authentication APP server 2 calls the identity authentication APP database 3, and the logout request processing logic is used for cleaning the related information data of the original login. After the processing is successful, the exit management module 112 first calls the token parsing module 124 to determine whether the memory has token information, and if so, then calls the token destruction module 123 to return the exit processing result to the mobile APP application after the token destruction is completed. And if no token information exists in the memory, directly returning an exit processing result to the mobile APP application.
The encryption module 113 provides common encryption and signature methods. The encryption method uses an asymmetric key encryption technique to encrypt input original text information using a specified public key, such as encryption of authentication request information, encryption of a request processing result, and the like, and outputs a ciphertext. The signature method uses a digital signature technology to digest the original text information by using a HASH function, then encrypts the digest by using a specified private key, and outputs the digest and the original text information together as signature information. Meanwhile, the signature generation time and the customized signature validity time (such as 20 seconds) are added in the original text, and the signature verification time is used for verifying the timeliness of the signature information and preventing the replay of the signature information. The encryption module 113 can be independently packaged into a component form, and is provided for the mobile APP to use in the interactive link of identity authentication.
The decryption module 114 provides a common decryption and signature verification method. The decryption method in the embodiment of the invention uses an asymmetric key encryption technology to decrypt the input original text information by using a specified private key, such as decryption of authentication request information, decryption of a request processing result and the like, and outputs the decrypted original text. The signature verification method uses a digital signature technology, a receiver decrypts encrypted abstract information by using a specified public key, and then generates abstract information for a received original text by using a HASH function, and the abstract information is compared with the decrypted abstract information. If the current time minus the signature generation time is greater than the signature effective time, the signature information is overtime and invalid, and the signature verification fails; otherwise, the signature verification is successful. The decryption module 114 can be packaged independently into a component form, and is provided for the mobile APP to use in the interactive link of identity authentication.
Fig. 5 is a block diagram of a token management module of the identity authentication APP application 1 in fig. 3. As shown in fig. 5, the token management module 12 includes: a token generation module 121, a token update module 122, a token destruction module 123, and a token parsing module 124. The token generation module 121 generates login token information by calling a token generation algorithm. The token generation algorithm is the key point of the login authentication certificate, and reflects the fact information of login authentication. The data participating in token generation consists of key elements initiating a login request, following the following principles: one, uniqueness. The combination of the login elements can effectively distinguish one login request from other logins. And secondly, safety. The combination of the login elements can realize forgery prevention and falsification prevention of the request data. Therefore, the request element participating in token generation is divided into two parts, namely a basic element and a key element, wherein the basic element is applicable to all login scenes and is an essential element; the key elements are suitable for checking login scenes and are dynamic elements. The token information is represented as:
Token=S(f(M(b1,b2...bx,p),keyX.pub),key0.pri)
wherein, Token is Token information and represents a character combination with a non-fixed length; s is a signature algorithm; f is an encryption algorithm; key0.pri is a signature private key of the identity authentication APP; pub is a dynamic encryption public key; m is composed of basic information elementsAnd a plaintext consisting of key information elements, bxFor basic user information elements, p is a mobile device unique identification key information element. The life cycle of the token depends on whether the process of the identity authentication APP exists or not, and when the mobile equipment is restarted and the process is forced to be finished, the token is correspondingly destroyed.
The token updating module 122 implements the updating process of the token, and when the user of the mobile APP application needs to perform the user switching operation, the login authentication module 111 receives the user switching request and submits the user switching request to the token updating module. The token updating module completes the updating of the memory token by calling the token destroying module 123 and the token generating module 121 in sequence.
The token destruction module 123 implements the destruction processing of the token, and when the user of the mobile APP application performs an operation of actively exiting the current account, the exit management module 112 receives the active exit request and submits the active exit request to the token destruction module, thereby implementing the destruction operation of the memory token.
The token analysis module 124 provides a common method for reading and analyzing the token, and the login authentication module 111 and the logout management module 112 realize uniform reading and processing of token information in the authentication process by calling the modules.
Fig. 6 is a block diagram of a key management module of the identity authentication APP application 1 in fig. 3. As shown in fig. 6, the key management module 13 includes: the device comprises an APP registration module 131, an APP cancellation module 132, an APP information updating module 133, a key generation module 134, a key destruction module 135 and a key updating module 136. Wherein: the APP registration module 131 provides a registration function of a mobile APP application that needs to use unified identity authentication, and generates key information of the APP, including public key and private key files, by recording relevant information of the APP, such as APP name, APP development department, APP principal, and calling the key generation module 134, and the key name is used as a unique identifier of the APP. After the registration is successful, the APP acquires a pair of public and private key files (e.g., key1.pub and key1.pri) of the APP and a public key file (e.g., key0.pub) of the identity authentication APP, which are three key files.
The APP logout module 132 provides a function of releasing the mobile APP application from using the unified identity authentication, and clears the relevant information registered by the APP in the identity authentication APP by calling this module, and simultaneously calls the key destruction module 135 to destroy the key information of the APP.
The APP information update module 133 provides update of the mobile APP application registration information, such as update of APP name, APP maintenance department, etc., and updates the APP key information by calling the key update module 136 and regenerates a new public-private key file.
The key generation module 134 implements a key generation process, and generates corresponding key pair information (e.g., KeyPair) according to the unique identifier registered by the APP application through a key pair generator (e.g., KeyPair generator) of RSA algorithm, writes the generated public key into a pub suffix file (e.g., key1.pub) in Base64 encoding format, encrypts the generated private key with a private key protection password through SHA and 3KeyTripleDES algorithm, and writes into a pri suffix file (e.g., key1.pri) in Base64 encoding format.
The key destruction module 135 implements the destruction processing of the key, and deletes the public and private key files of the APP in the identity authentication APP database by receiving the logout request of the APP logout module 132, and meanwhile, removes the key information of the APP loaded in the memory of the identity authentication APP server.
The key updating module 136 realizes the updating of the key, and updates the public and private key files of the APP in the identity authentication APP database and updates the key information of the APP loaded in the memory of the identity authentication APP server by receiving the update request of the APP information updating module 133.
The present invention also provides an identity authentication method of a mobile terminal, and in order to make the method more clear and understandable, the flow chart is taken as an example to describe in detail the flow of the embodiment of the present invention.
Fig. 7 shows a specific process of logging in a mobile application on a mobile device according to an embodiment of the present invention.
Step S101: when a user accesses a certain mobile APP1 application 4 on a mobile device, the login module 41 of the application submits a login request to the login authentication module 111 of the identity authentication APP1 by calling the authentication public module 43 encapsulated by the standard login authentication interface provided by the identity authentication APP1, and the request information also includes the unique identifier of the mobile APP1 application.
Step S102: the login authentication module 111 of the identity authentication APP application 1 calls the Token analysis module 124 to detect that there is no Token (Token)10 with successful login authentication in the memory, and then returns the detection result to the login authentication module 111, and the unified login interface is displayed by the login authentication module 111. After the user inputs a user name and a password in the interface, clicks and submits, the login authentication module 111 calls the encryption module 113 to encrypt request information and submits the request information to the identity authentication APP server 2, wherein the request information comprises the encrypted user name, the encrypted password, the mobile device serial number and the unique identifier of the mobile APP1 application.
Step S103: the identity authentication APP server 2 calls the decryption module 114 to decrypt the request information, verifies whether the user name and the password are correct through the identity authentication APP database 3, and records the relevant information of the login after the verification is passed, wherein the relevant information includes the login user name, the login time, the login mobile device serial number, the unique identifier of the mobile APP1 application and the like. Meanwhile, the identity authentication APP database 3 generates a dynamic key pair corresponding to this access, such as a public key (keyx.pub) and a private key (keyx.pri) file of keyX, records a corresponding relationship between this login and this dynamic key pair, and queries basic information (such as a user name, a department affiliated to the user, and the like) of the user through a user name, and finally returns the dynamic key pair, the basic information of the user, and a processing result of this successful authentication to the identity authentication APP application 1 through the identity authentication APP server 2.
Step S104: the login module 111 of the identity authentication APP application 1 receives the processing result of successful authentication, invokes the Token generation module 121, and generates the current authentication Token (Token)10 through a Token generation algorithm for the user basic information, the mobile device serial number, the current system time, the customized Token timeout time, the public key (keyx.pub) of the dynamic key, and the private key (e.g., key0.pri) of the identity authentication APP application 1.
Step S105: the identity authentication APP application 1 writes the Token (Token)10 into its memory again, and encapsulates the Token information into the processing result (transaction Token1) of this authentication and returns the processing result (transaction Token1) to the mobile APP1 application 4.
Step S106: after the login module 41 of the application 4 of the mobile APP1 receives the transaction Token1 returned by the application 1 of the identity authentication, the transaction Token1 is submitted to the mobile APP1 server 5 of the background for analysis.
Step S107: after the mobile APP1 server 5 receives the analysis request of the transaction Token1, the transaction Token1 uses the dynamic key for encryption, so it needs to apply the dynamic key for decryption to the identity authentication APP server 2. Meanwhile, in order to ensure the validity of the mobile APP1 server 5, the token request needs to be encrypted by using a private key file (e.g. key1.pri) generated during APP registration, and then submitted to the identity authentication APP server 2 together with the APP id to perform the legal identity authentication of the mobile APP1 server 5.
Step S108: after receiving the legal identity authentication request submitted by the mobile APP1 server 5, the identity authentication APP server 2 obtains the mobile APP1 identifier in the request and calls the decryption module 114, and decrypts the encrypted transaction Token1 through the public key1. pub. After the decryption is passed, the identity of the mobile APP1 server 5 is considered to be legal, and the identity authentication APP server 2 returns the dynamic key keyx. pri of the transaction Token1 to the mobile APP1 server 5.
Step S109: after the mobile APP1 server 5 receives the dynamic key keyx pri returned by the identity authentication APP server 2, the signature verification and decryption method of the authentication public module 43 is called for the original token, the signature verification is performed by using the public key key0.pub of the identity authentication APP, and then the decryption is performed by using the dynamic key keyx pri, so that the basic information of the user who logs in and accesses at this time is obtained. Meanwhile, the log information of the login is recorded through the mobile APP1 database 6, the related role authority of the login user is inquired, and the log information is returned to the mobile APP1 application 4 through the mobile APP1 server 5.
Step S110: after the login module 41 of the application 4 of the mobile APP1 receives the authentication success information containing the user role authority returned by the mobile APP1 server 5, the login authentication is completed, and the main interface after the corresponding login is displayed according to the user basic information in the request.
Fig. 8 is a flowchart of another embodiment of the identity authentication method of the present invention, and the flow of the embodiment is described in detail below.
Step S201: the user accesses a certain mobile APP2 application 7 on the mobile device, the login module of the application submits the login request to the login authentication module 111 of the identity authentication APP1 by calling the authentication public module encapsulated by the standard login authentication interface provided by the identity authentication APP1, and the request information simultaneously includes the unique identifier of the APP2 application.
Step S202: the login authentication module 111 of the identity authentication APP application 1 calls the Token parsing module 124, detects that a Token (Token)10 with successful login authentication exists in the memory, and encapsulates the Token information into a processing result (transaction Token2) of the current authentication and returns the processing result (transaction Token2) to the mobile APP2 application 7.
Step S203: after the login module of the mobile APP2 application 7 receives the transaction Token2 returned by the identity authentication APP application 1, the transaction Token2 is submitted to the mobile APP2 server 8 in the background for analysis.
Step S204: after the mobile APP2 server 8 receives the analysis request of the transaction Token2, the transaction Token2 uses the dynamic key for encryption, so it needs to apply the dynamic key for decryption to the identity authentication APP server 2. Meanwhile, in order to ensure the validity of the mobile APP2 server 8, the token request needs to be encrypted by using a private key file (e.g. key2.pri) generated during APP registration, and then submitted to the identity authentication APP server 2 together with the APP id to perform the legal identity authentication of the mobile APP2 server 8.
Step S205: after receiving the legal identity authentication request submitted by the mobile APP2 server 8, the identity authentication APP server 2 acquires the mobile APP id in the request and calls the decryption module 114, and decrypts the encrypted transaction Token2 through the public key2. pub. After decryption is passed, the identity of the mobile APP2 server 8 is considered legitimate. Meanwhile, the identity authentication APP server 2 calls the Token parsing module 124 to parse the transaction Token2, and obtains login user information of the Token.
Step S206: the identity authentication APP server 2 records the relevant information of the login request at this time through the identity authentication APP database 3, including the login user name, time, mobile device serial number, unique identification of the APP2 and the like, and simultaneously returns the dynamic key X.pri of the original token to the mobile APP2 server 8 through the identity authentication APP server 2.
Step S207: after receiving the dynamic key keyx pri returned by the identity authentication APP server 2, the mobile APP2 server 8 calls a signature verification and decryption method of the authentication public module for the original token, firstly uses the public key key0.pub of the identity authentication APP to verify the signature, and then uses the dynamic key keyx pri to decrypt, so as to obtain the user basic information of the login access. Meanwhile, the log information of the login is recorded through the mobile APP2 database 9, the related role authority of the login user is inquired, and the log information is returned to the mobile APP2 application 7 through the mobile APP2 server 8.
Step S208: and after the login module of the application 7 of the mobile APP2 receives the authentication success information containing the user role authority returned by the mobile APP2 server 8, the login authentication is completed at this time, and the main interface after the corresponding login is displayed according to the user basic information in the request.
Fig. 9 is a flowchart of another embodiment of the identity authentication method of the present invention, and the flow of the embodiment is described in detail below.
Step S301: the user has logged in a certain mobile APP1 application 4 on the mobile device, and clicks the function of switching the user, the login module 41 of the application submits the request of switching the user to the login authentication module 111 of the identity authentication APP1 by calling the authentication public module 43 encapsulated by the standard login authentication interface provided by the identity authentication APP1, and the request information includes the unique identifier of the mobile APP1 application and the operation identifier of the switching user.
Step S302: the login authentication module 111 of the identity authentication APP application 1 calls the Token parsing module 124 to detect that a Token (Token)10 with successful login authentication exists in the memory, and then returns a detection result to the login authentication module 111, and the login authentication module presents a uniform login interface according to the switching user request identifier sent by the mobile APP1 application 4. After the user inputs a user name and a password on the interface and clicks and submits the user name and the password, the login authentication module 111 calls the encryption module 113 to encrypt request information and submits the request information to the identity authentication APP server 2, wherein the request information comprises the encrypted user name, the encrypted password, a switching user operation identifier, a mobile equipment serial number and a unique identifier of the mobile APP1 application.
Step S303: the identity authentication APP server 2 calls the decryption module 114 to decrypt the request information, verifies whether the user name and the password are correct through the identity authentication APP database 3, and updates the related information of the login according to the operation identifier of the switching user after the verification is passed, wherein the related information comprises the login user name, the login time, the login mobile equipment serial number, the unique identifier of the mobile APP1 application and the like. Meanwhile, the identity authentication APP database 3 regenerates a dynamic key pair corresponding to the access, such as a public key (key.pub) and a private key (key.pri) file of key, records a corresponding relationship between the login and the dynamic key pair, queries basic information (such as a user name, a department affiliated to the user and the like) of the user through a user name, and finally returns the dynamic key pair, the basic information of the user and a processing result of successful login authentication of the user switched this time to the identity authentication APP application 1 through the identity authentication APP server 2.
Step S304: the login module 111 of the identity authentication APP application 1 receives the processing result of successful authentication, invokes the Token generation module 121, and generates the current authentication Token (Token)10 through a Token generation algorithm for the user basic information, the mobile device serial number, the current system time, the customized Token timeout time, the public key (keyy.pub) of the dynamic key, and the private key (e.g., key0.pri) of the identity authentication APP application 1.
Step S305: the identity authentication APP application 1 writes the Token (Token)10 into its memory again, and encapsulates the Token information into the processing result (transaction Token1) of this authentication and returns the processing result (transaction Token1) to the mobile APP1 application 4.
Step S306: after the login module 41 of the application 4 of the mobile APP1 receives the transaction Token1 returned by the application 1 of the identity authentication, the transaction Token1 is submitted to the mobile APP1 server 5 of the background for analysis. Step S307: after the mobile APP1 server 5 receives the analysis request of the transaction Token1, the transaction Token1 uses the dynamic key for encryption, so it needs to apply the dynamic key for decryption to the identity authentication APP server 2. Meanwhile, in order to ensure the validity of the mobile APP1 server 5, the token request needs to be encrypted by using a private key file (e.g. key1.pri) generated during APP registration, and then submitted to the identity authentication APP server 2 together with the APP id to perform the legal identity authentication of the mobile APP1 server 5.
Step S308: after receiving the legal identity authentication request submitted by the mobile APP1 server 5, the identity authentication APP server 2 acquires the mobile APP id in the request and calls the decryption module 114, and decrypts the encrypted transaction Token1 through the public key1. pub. After the decryption is passed, the identity of the mobile APP1 server 5 is considered to be legal, and the identity authentication APP server 2 returns the dynamic key y. pri of the transaction Token1 to the mobile APP1 server 5.
Step S309: after receiving the dynamic key y.pri returned by the identity authentication APP server 2, the mobile APP1 server 5 calls the signature verification method of the authentication public module 43 for the original token, firstly uses the public key0.pub of the identity authentication APP to verify the signature, and then uses the dynamic key y.pri to decrypt, so as to obtain the user basic information of the login access. Meanwhile, the log information of the login is recorded through the mobile APP1 database 6, the related role authority of the login user is inquired, and the log information is returned to the mobile APP1 application 4 through the mobile APP1 server 5.
Step S310: after the login module 41 of the application 4 of the mobile APP1 receives the authentication success information containing the user role authority returned by the mobile APP1 server 5, the login authentication of the user to be switched at this time is completed, and the corresponding main interface after login is displayed according to the user basic information in the request.
Fig. 10 is a flowchart of another embodiment of the identity authentication method of the present invention, and the flow of the embodiment is described in detail below.
Step S401: the user logs in a certain mobile APP2 application 7 on the mobile device, clicks the function of actively logging out the current account, the logging-out module of the application submits the active logging-out request to the logging-out management module 112 of the identity authentication APP1 by calling the authentication public module encapsulated by the standard logging-out management interface provided by the identity authentication APP1, and the request information simultaneously includes the unique identifier of the mobile APP2 application. For the ordinary closing APP operation, the exit management interface of the identity authentication APP1 is not required to be called.
Step S402: the logout management module 112 of the identity authentication APP application 1 calls the Token parsing module 124 to detect that the Token (Token)10 with successful login authentication exists in the memory, and then returns the detection result to the logout management module 112 and submits a logout request to the identity authentication APP server 2, where the request information includes the mobile device serial number and the unique identifier of the APP 2.
Step S403: after receiving the submitted quit request, the identity authentication APP server 2 clears the related login information originally recorded by the mobile equipment through the identity authentication APP database 3, wherein the related login information includes dynamic key information and corresponding relation information of a login user, records a log of quitting operation of the user, and returns a processing result.
Step S404: after receiving the processing result of the logout request returned by the identity authentication APP server 2, the logout management module 112 of the identity authentication APP application 1 destroys the token information in the memory by calling the token destruction module 123, and returns the processing result of the logout request to the mobile APP2 application 7.
Step S405: after receiving the result that the identity authentication APP application 1 quits the request processing is successful, the quit module of the mobile APP2 application 7 forwards the processing result to the mobile APP2 server 8.
Step S406: the mobile APP2 server 8 receives the quitting success result information, records the quitting log information through the mobile APP2 database 9, and returns the quitting processing result to the mobile APP2 application 7.
Step S407: after receiving the quit processing result returned by the mobile APP2 server 8, the mobile APP2 application 7 closes the mobile APP2 application, and finishes the quit operation this time.
The invention provides a mobile terminal identity authentication system and a mobile terminal identity authentication method. In the authentication link, a unique and tamper-proof token with a non-fixed length is generated by adopting key encryption and digital signature technologies, and a dynamic key of a forgery-proof request is used in the encryption process, so that the security of the authentication link is further improved. Meanwhile, the control of repeated login of a plurality of devices is realized by uniformly recording the related information of the login request in the background database of the identity authentication server.
The invention overcomes the problems of the existing mobile terminal multi-APP identity authentication in the aspects of usability, safety, maintenance convenience and the like, provides a mobile terminal identity authentication system and a mobile terminal identity authentication method, and realizes the unified identity authentication of the mobile terminal. In addition, the token information in the identity authentication process is generated by using a key medium through key encryption and digital signature technologies, so that the safety of the whole authentication link is improved, and the convenience and the experience effect of the use of the mobile terminal are improved.
The invention provides an identity authentication method of a mobile terminal, which improves the existing identity authentication mode applied to a mobile network, combines a digital encryption technology to generate a token, overcomes the problem of insecurity in the authentication process, and mainly has the following effects and advantages:
1. by the identity authentication system designed by the invention, the user information and the equipment environment in the login process are stored in the form of the token, and the verification is read immediately in the authentication process, so that the links of repeatedly inputting the user name and the password by the user are reduced, and the usability of the user login operation is improved.
2. The identity authentication system designed by the invention realizes the login authentication and exit interface of the internal standard of an enterprise, improves the standardization and the convenience of subsequent upgrade maintenance, and saves the investment of labor cost.
3. The identity authentication system designed by the invention effectively avoids the problems that the authentication information is stolen and the authentication server is imitated. According to each authentication request message, a certain secret key encryption and decryption algorithm and a digital signature technology are adopted, so that the integrity of the transmission of the authentication request message and the identity authentication of a requester are ensured, and the repudiation in the transaction is prevented.
The identity authentication system designed by the invention utilizes the characteristic of the background database for recording the authentication information to solve the problem of preventing repeated login of different mobile devices in the authentication link, and can carry out real-time statistics and analysis on the authentication conditions of the user and the devices.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The principle and the implementation mode of the invention are explained by applying specific embodiments in the invention, and the description of the embodiments is only used for helping to understand the method and the core idea of the invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.
Claims (13)
1. A login authentication method for a mobile terminal is used for performing login authentication on an APP on the mobile terminal, and is characterized by comprising the following steps:
receiving a login request of an APP;
obtaining a transaction token which is stored by the mobile terminal and comprises user login information according to the login request, and sending the transaction token to the APP server;
receiving a dynamic key application request of the APP server, performing security verification on the APP server, and sending a token dynamic key to the APP server passing the security verification;
the APP server analyzes the transaction token according to the token dynamic key to obtain user login information and sends the user login information to the APP to complete login authentication;
receiving the dynamic key application request of the APP server and performing security verification on the APP server, and sending a token dynamic key to the APP server passing the security verification includes:
acquiring an APP application unique identifier in a dynamic key application request of an APP server;
determining a public key of the APP according to the unique APP application identifier;
decrypting the dynamic key application request by using the determined public key of the APP, and determining that the APP server passes the security verification after the decryption is passed;
and sending the token dynamic key to the APP server passing the security verification.
2. The mobile terminal login authentication method of claim 1, wherein the login request comprises: and the APP application unique identifier is a key name of the APP application.
3. The mobile terminal login authentication method of claim 2, wherein the user login information comprises: and the user name, the password, the login time and the equipment serial number of the mobile terminal are stored when the login is successful.
4. The mobile terminal login authentication method of claim 3, wherein the obtaining of the transaction token including user login information stored by the mobile terminal according to the login request and sending the transaction token to the APP server comprises:
judging whether the mobile terminal stores a transaction token comprising user login information;
determining that a transaction token comprising user login information is stored in the mobile terminal, and sending the transaction token to the APP server.
5. The method for login authentication of a mobile terminal according to claim 3, wherein the obtaining of the transaction token including the user login information stored in the mobile terminal according to the login request and sending the transaction token to the APP server further comprises:
when the fact that the transaction token is not stored in the mobile terminal is determined, a user name and a password input by a user are verified;
when the user name and the password input by the user are verified to be correct, a dynamic key pair corresponding to the login is generated;
generating a transaction token according to the dynamic key pair and the user login information through a token generation algorithm;
and storing the transaction token in a memory of the mobile terminal.
6. The mobile terminal login authentication method of claim 1, wherein the method further comprises:
registering an APP (application) on a mobile terminal, and generating and storing key information of the APP, wherein the key information comprises: public key, private key, and regard the key name as the unique sign of APP application.
7. A mobile terminal login authentication system is used for login authentication of APP on a mobile terminal, and is characterized in that the system comprises: an identity authentication device and an identity authentication server; wherein,
the identity authentication device comprises:
the login request receiving module is used for receiving a login request of the APP;
the token acquisition module is used for acquiring a transaction token comprising user login information according to the login request and sending the transaction token to the APP server;
the identity authentication server includes:
the APP server verification module is used for receiving a dynamic key application request of the APP server and performing security verification on the APP server;
the token key sending module is used for sending a token dynamic key to the APP server passing the security verification;
the APP server analyzes the transaction token according to the token dynamic key to obtain user login information and sends the user login information to the APP to complete login authentication;
the APP server verification module comprises:
the identification obtaining unit is used for obtaining the unique APP identification in the dynamic key application request of the APP server;
a public key determining unit, configured to determine a public key of the APP according to the APP application unique identifier;
and the decryption unit decrypts the dynamic key application request by using the determined public key of the APP, and determines that the APP server passes the security verification after the decryption passes.
8. The mobile terminal login authentication system of claim 7, wherein the login request comprises: and the APP application unique identifier is a key name of the APP application.
9. The mobile terminal login authentication system of claim 8, wherein the user login information comprises: and the user name, the password, the login time and the equipment serial number of the mobile terminal are stored when the login is successful.
10. The mobile terminal login authentication system of claim 9, wherein the token acquisition module comprises:
the judging unit is used for judging whether the mobile terminal stores a transaction token comprising user login information;
and the sending unit is used for determining that the transaction token comprising user login information is stored in the mobile terminal and sending the transaction token to the APP server.
11. The mobile terminal login authentication system of claim 9, wherein the token acquisition module further comprises:
the password verification unit is used for verifying a user name and a password input by a user when the mobile terminal is determined not to store a transaction token;
the key pair generation unit is used for generating a dynamic key pair corresponding to the login when the user name and the password input by the user are verified to be correct;
and the token generation unit is used for generating a transaction token according to the dynamic key pair and the user login information through a token generation algorithm and storing the transaction token into the memory of the mobile terminal.
12. The system of claim 7, wherein the identity authentication means further comprises:
the registration module is used for registering the APP on the mobile terminal and generating the key information of the APP, wherein the key information comprises: public key, private key, and regard the key name as the unique sign of APP application.
13. The system of claim 12, wherein the authentication server further comprises:
and the storage module is used for storing the key information of the registered APP application.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710229518.6A CN106850699B (en) | 2017-04-10 | 2017-04-10 | A kind of mobile terminal login authentication method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710229518.6A CN106850699B (en) | 2017-04-10 | 2017-04-10 | A kind of mobile terminal login authentication method and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN106850699A CN106850699A (en) | 2017-06-13 |
| CN106850699B true CN106850699B (en) | 2019-11-29 |
Family
ID=59148085
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710229518.6A Active CN106850699B (en) | 2017-04-10 | 2017-04-10 | A kind of mobile terminal login authentication method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106850699B (en) |
Families Citing this family (41)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US11836706B2 (en) * | 2012-04-16 | 2023-12-05 | Sticky.Io, Inc. | Systems and methods for facilitating a transaction using a virtual card on a mobile device |
| KR102385474B1 (en) * | 2017-07-19 | 2022-04-13 | 현대자동차주식회사 | Vehicle system and control method thereof |
| US10903997B2 (en) | 2017-10-19 | 2021-01-26 | Autnhive Corporation | Generating keys using controlled corruption in computer networks |
| JP7448220B2 (en) * | 2017-10-19 | 2024-03-12 | オートンハイブ コーポレイション | Key generation/deposit system and method for multipoint authentication |
| CN110035033B (en) | 2018-01-11 | 2022-11-25 | 华为技术有限公司 | Key distribution method, device and system |
| CN108495309B (en) * | 2018-02-06 | 2022-03-25 | 咪咕文化科技有限公司 | Information processing method, electronic device, and storage medium |
| CN108200089B (en) * | 2018-02-07 | 2022-06-07 | 腾讯云计算(北京)有限责任公司 | Method, device and system for realizing information security and storage medium |
| CN108848079B (en) * | 2018-05-31 | 2021-05-11 | 腾讯科技(深圳)有限公司 | Method, system, device and computer system for realizing information verification |
| CN108809988A (en) * | 2018-06-14 | 2018-11-13 | 北京中电普华信息技术有限公司 | A kind of authentication method and system of request |
| TWI725352B (en) * | 2018-11-05 | 2021-04-21 | 緯創資通股份有限公司 | Method for authentication and authorization and authentication server using the same |
| CN111242248B (en) * | 2018-11-09 | 2023-07-21 | 中移(杭州)信息技术有限公司 | Personnel information monitoring method, device and computer storage medium |
| CN109302422B (en) * | 2018-11-22 | 2022-02-25 | 北京顺丰同城科技有限公司 | Method for logging in mobile application, mobile terminal, electronic equipment, system and storage medium |
| CN110032855A (en) * | 2019-02-28 | 2019-07-19 | 招银云创(深圳)信息技术有限公司 | Login method, device, computer equipment and the storage medium of application |
| CN112016918B (en) * | 2019-05-30 | 2024-06-25 | 小米数字科技有限公司 | Signature writing method, signature verification method, device and storage medium |
| CN110381021B (en) * | 2019-06-13 | 2021-04-20 | 视联动力信息技术股份有限公司 | Method and device for preventing illegal attack, electronic equipment and storage medium |
| CN110417730B (en) * | 2019-06-17 | 2022-07-19 | 平安科技(深圳)有限公司 | Unified access method of multiple application programs and related equipment |
| CN110234116B (en) * | 2019-06-24 | 2021-11-02 | 飞天诚信科技股份有限公司 | Security authentication method and system |
| CN110362984B (en) * | 2019-06-28 | 2021-04-30 | 北京思源理想控股集团有限公司 | Method and device for operating service system by multiple devices |
| CN110536118A (en) * | 2019-09-06 | 2019-12-03 | 腾讯科技(深圳)有限公司 | A kind of data capture method, device and computer storage medium |
| CN112751800B (en) * | 2019-10-29 | 2023-11-24 | 杭州海康威视系统技术有限公司 | Authentication method and device |
| CN110868301B (en) * | 2019-11-07 | 2022-03-29 | 浪潮软件股份有限公司 | Identity authentication system and method based on state cryptographic algorithm |
| CN111162908B (en) * | 2019-12-11 | 2022-07-22 | 深圳供电局有限公司 | Key solar power transmission line field operation method and system |
| CN111176710B (en) * | 2019-12-30 | 2023-10-03 | 宁波视睿迪光电有限公司 | Operation method of terminal software management system and terminal software management system |
| CN111241499B (en) * | 2020-01-07 | 2023-05-05 | 腾讯科技(深圳)有限公司 | Application program login method, device, terminal and storage medium |
| CN111212427A (en) * | 2020-01-14 | 2020-05-29 | 陈良准 | Application APP account login management system based on mobile terminal |
| CN112003706B (en) * | 2020-08-24 | 2023-07-18 | 北京字节跳动网络技术有限公司 | Signature method, signature device, computer equipment and storage medium |
| CN112491787B (en) * | 2020-10-18 | 2022-12-27 | 苏州浪潮智能科技有限公司 | Method and equipment for safety management of user data |
| CN113067827B (en) * | 2021-03-25 | 2022-08-02 | 中国工商银行股份有限公司 | System unification authentication method and device |
| CN113452782B (en) * | 2021-06-28 | 2022-04-26 | 烽火通信科技股份有限公司 | Upgrading method and device under mesh networking |
| CN113824691A (en) * | 2021-08-25 | 2021-12-21 | 浪潮软件股份有限公司 | Method for implementing silent login strategy applied by mobile terminal third party H5 |
| CN113868625A (en) * | 2021-09-29 | 2021-12-31 | 商派软件有限公司 | Identity authentication method and system |
| CN113821446A (en) * | 2021-10-11 | 2021-12-21 | 中国银行股份有限公司 | Test verification method and device for transaction system |
| CN113872983A (en) * | 2021-10-13 | 2021-12-31 | 苏州兆晶智能科技有限公司 | Block chain chip identity authentication system and authentication method thereof |
| CN113949566B (en) * | 2021-10-15 | 2024-06-11 | 工银科技有限公司 | Resource access method, device, electronic equipment and medium |
| CN114244627B (en) * | 2022-01-04 | 2023-12-26 | 上海华申智能卡应用系统有限公司 | Authorization method and system |
| CN114866247B (en) * | 2022-04-18 | 2024-01-02 | 杭州海康威视数字技术股份有限公司 | Communication method, device, system, terminal and server |
| CN114710281B (en) * | 2022-04-24 | 2024-08-23 | 中国工商银行股份有限公司 | Method and device for exiting online banking system |
| CN114900344A (en) * | 2022-04-26 | 2022-08-12 | 四川智能建造科技股份有限公司 | Identity authentication method, system, terminal and computer readable storage medium |
| CN115174236A (en) * | 2022-07-08 | 2022-10-11 | 上海百家云科技有限公司 | Authentication method, authentication device, electronic equipment and storage medium |
| CN115361171A (en) * | 2022-07-22 | 2022-11-18 | 上汽通用五菱汽车股份有限公司 | Login method and login system |
| CN115860037B (en) * | 2023-02-24 | 2023-06-06 | 中国(上海)宝玉石交易中心有限公司 | Anti-counterfeiting method, anti-counterfeiting system and anti-counterfeiting assembly for precious stones |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104767731A (en) * | 2015-03-12 | 2015-07-08 | 江苏中天科技软件技术有限公司 | Identity authentication protection method of Restful mobile transaction system |
| CN105577691A (en) * | 2016-02-03 | 2016-05-11 | 飞天诚信科技股份有限公司 | Security access method and server |
| CN106161348A (en) * | 2015-03-30 | 2016-11-23 | 中兴通讯股份有限公司 | A kind of method of single-sign-on, system and terminal |
| CN106209749A (en) * | 2015-05-08 | 2016-12-07 | 阿里巴巴集团控股有限公司 | Single-point logging method and the processing method and processing device of device, relevant device and application |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103139163B (en) * | 2011-11-29 | 2016-01-13 | 阿里巴巴集团控股有限公司 | Data access method, server and terminal |
| US9258121B2 (en) * | 2014-06-20 | 2016-02-09 | Gemalto Sa | Method to manage modification of encryption credentials |
| US9779233B2 (en) * | 2015-03-05 | 2017-10-03 | Ricoh Co., Ltd. | Broker-based authentication system architecture and design |
| CN105721502B (en) * | 2016-04-11 | 2019-02-01 | 上海上实龙创智慧能源科技股份有限公司 | A kind of authorization access method for browser client and server |
-
2017
- 2017-04-10 CN CN201710229518.6A patent/CN106850699B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104767731A (en) * | 2015-03-12 | 2015-07-08 | 江苏中天科技软件技术有限公司 | Identity authentication protection method of Restful mobile transaction system |
| CN106161348A (en) * | 2015-03-30 | 2016-11-23 | 中兴通讯股份有限公司 | A kind of method of single-sign-on, system and terminal |
| CN106209749A (en) * | 2015-05-08 | 2016-12-07 | 阿里巴巴集团控股有限公司 | Single-point logging method and the processing method and processing device of device, relevant device and application |
| CN105577691A (en) * | 2016-02-03 | 2016-05-11 | 飞天诚信科技股份有限公司 | Security access method and server |
Also Published As
| Publication number | Publication date |
|---|---|
| CN106850699A (en) | 2017-06-13 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106850699B (en) | A kind of mobile terminal login authentication method and system | |
| CN111708991B (en) | Service authorization method, device, computer equipment and storage medium | |
| CN110519260B (en) | Information processing method and information processing device | |
| CN103795692B (en) | Open authorization method, system and certification authority server | |
| CN108173662B (en) | Equipment authentication method and device | |
| CN114900338B (en) | Encryption and decryption method, device, equipment and medium | |
| CN106685973B (en) | Remember method and device, log-in control method and the device of log-on message | |
| CN106452772B (en) | Terminal authentication method and device | |
| CN109510802B (en) | Authentication method, device and system | |
| CN111030814A (en) | Key negotiation method and device | |
| CN105075176B (en) | Challenge-response method and associated client device | |
| US20110069839A1 (en) | Authentication information generating system, authentication information generating method, client apparatus, and authentication information generating program for implementing the method | |
| KR101817152B1 (en) | Method for providing trusted right information, method for issuing user credential including trusted right information, and method for obtaining user credential | |
| CN112528250A (en) | System and method for realizing data privacy and digital identity through block chain | |
| CN111131416A (en) | Business service providing method and device, storage medium and electronic device | |
| CN111241492A (en) | Product multi-tenant secure credit granting method, system and electronic equipment | |
| CN112084521A (en) | Unstructured data processing method, device and system for block chain | |
| CN106936797A (en) | The management method and system of magnetic disk of virtual machine and file encryption key in a kind of cloud | |
| CN109150811B (en) | Method and device for realizing trusted session and computing equipment | |
| CN113852628A (en) | Decentralized single sign-on method, decentralized single sign-on device and storage medium | |
| CN114629713B (en) | Identity verification method, device and system | |
| CN114338091B (en) | Data transmission method, device, electronic equipment and storage medium | |
| CN113505353B (en) | Authentication method, authentication device, authentication equipment and storage medium | |
| CN112235276B (en) | Master-slave equipment interaction method, device, system, electronic equipment and computer medium | |
| CN113704734A (en) | Distributed digital identity-based method for realizing certificate verification and related device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20210107 Address after: 100140, 55, Fuxing Avenue, Xicheng District, Beijing Patentee after: INDUSTRIAL AND COMMERCIAL BANK OF CHINA Patentee after: ICBC Technology Co.,Ltd. Address before: 100140, 55, Fuxing Avenue, Xicheng District, Beijing Patentee before: INDUSTRIAL AND COMMERCIAL BANK OF CHINA |
|
| TR01 | Transfer of patent right |